CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,091 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 37 of 102
- CVE-2025-11316HIGHCVSS 7.3EG 7.32025-10-06
A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Execu…
- CVE-2025-11317HIGHCVSS 7.3EG 7.32025-10-06
A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of …
- CVE-2025-11319MEDIUMCVSS 6.3EG 6.32025-10-06
A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai…
- CVE-2025-11329HIGHCVSS 7.3EG 7.32025-10-06
A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely.…
- CVE-2025-11330MEDIUMCVSS 6.3EG 6.32025-10-06
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql inje…
- CVE-2025-11331MEDIUMCVSS 4.7EG 4.72025-10-06
A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results i…
- CVE-2025-11334HIGHCVSS 7.3EG 7.32025-10-06
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack …
- CVE-2025-11335MEDIUMCVSS 4.7EG 4.72025-10-06
A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes comma…
- CVE-2025-11342MEDIUMCVSS 4.7EG 4.72025-10-06
A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack ca…
- CVE-2025-11343HIGHCVSS 7.3EG 7.32025-10-06
A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carrie…
- CVE-2025-11344MEDIUMCVSS 6.3EG 6.32025-10-06
A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be perfor…
- CVE-2025-11348HIGHCVSS 7.3EG 7.32025-10-07
A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to sql injection. The…
- CVE-2025-11349HIGHCVSS 7.3EG 7.32025-10-07
A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may…
- CVE-2025-11350HIGHCVSS 7.3EG 7.32025-10-07
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results…
- CVE-2025-11357MEDIUMCVSS 6.3EG 6.32025-10-07
A security flaw has been discovered in code-projects Simple Banking System 1.0. This issue affects some unknown processing of the file /createuser.php. Performing manipulation of the argument Name results in sql injection. The attack may b…
- CVE-2025-11358MEDIUMCVSS 6.3EG 6.32025-10-07
A weakness has been identified in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotel…
- CVE-2025-11359MEDIUMCVSS 6.3EG 6.32025-10-07
A security vulnerability has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. Remote exploitat…
- CVE-2025-11396HIGHCVSS 7.3EG 7.32025-10-07
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remote…
- CVE-2025-11397HIGHCVSS 7.3EG 7.32025-10-07
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The at…
- CVE-2025-11399MEDIUMCVSS 6.3EG 6.32025-10-07
A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /pages/save_room.php. The manipulation of the argument floorno leads to sql injection. Remote …
- CVE-2025-11400MEDIUMCVSS 6.3EG 6.32025-10-07
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /del_room.php. The manipulation of the argument ID results in sql injection. The attack can be executed remo…
- CVE-2025-11401MEDIUMCVSS 6.3EG 6.32025-10-07
A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /pages/save_curr.php. This manipulation of the argument currcode causes sql injection. The attack is possible to be …
- CVE-2025-11402MEDIUMCVSS 6.3EG 6.32025-10-07
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /del_curr.php. Such manipulation of the argument ID leads to sql injection. The …
- CVE-2025-11403MEDIUMCVSS 6.3EG 6.32025-10-07
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /del_booking.php. Performing manipulation of the argument ID results in sql injection. It i…
- CVE-2025-11404MEDIUMCVSS 6.3EG 6.32025-10-07
A vulnerability was determined in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown part of the file /pages/save_tax.php. Executing manipulation of the argument percentage can lead to sql injection. It is possib…
- CVE-2025-11405MEDIUMCVSS 6.3EG 6.32025-10-07
A vulnerability was identified in SourceCodester Hotel and Lodge Management System 1.0. This vulnerability affects unknown code of the file /del_tax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiat…
- CVE-2025-11409MEDIUMCVSS 6.3EG 6.32025-10-07
A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote expl…
- CVE-2025-11410MEDIUMCVSS 6.3EG 6.32025-10-07
A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/voters_add.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can…
- CVE-2025-11415HIGHCVSS 7.3EG 7.32025-10-07
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. I…
- CVE-2025-11416HIGHCVSS 7.3EG 7.32025-10-07
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can …
- CVE-2025-11420HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/edit_order_details.php. The manipulation of the argument order_id results in sql injection. The attack may be launched…
- CVE-2025-11422HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The atta…
- CVE-2025-11424HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be pe…
- CVE-2025-11430HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed re…
- CVE-2025-11431MEDIUMCVSS 6.3EG 6.32025-10-08
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is …
- CVE-2025-11432HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. The attack may be performed from remote…
- CVE-2025-11434HIGHCVSS 7.3EG 7.32025-10-08
A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to la…
- CVE-2025-11445MEDIUMCVSS 6.3EG 6.32025-10-08
A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be i…
- CVE-2025-11469MEDIUMCVSS 6.3EG 6.32025-10-08
A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /pages/save_customer.php. Executing manipulation of the argument Contact can lead to sql inject…
- CVE-2025-11471HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /edit_customer.php. The manipulation of the argument ID results in sql injection. The attack may be performe…
- CVE-2025-11472HIGHCVSS 7.3EG 7.32025-10-08
A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /edit_room.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack re…
- CVE-2025-11473HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /edit_curr.php. Such manipulation of the argument currsymbol leads to sql injection. It is possible to laun…
- CVE-2025-11474MEDIUMCVSS 6.3EG 6.32025-10-08
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_booking.php. Performing manipulation of the argument Name results in sql inject…
- CVE-2025-11475HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. Executing a manipulation of the argument user_id can lead to sql inj…
- CVE-2025-11476HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument login_username leads to sql injection. The attack may be initiated remo…
- CVE-2025-11477HIGHCVSS 7.3EG 7.32025-10-08
A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of the argument User results in sql injection. The attack ma…
- CVE-2025-11478MEDIUMCVSS 6.3EG 6.32025-10-08
A weakness has been identified in SourceCodester Farm Management System 1.0. This issue affects some unknown processing of the file /myCart.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack …
- CVE-2025-11479HIGHCVSS 7.3EG 7.32025-10-08
A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of the argument number leads to sql injection. T…
- CVE-2025-11480HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the argument register_username results in sql injection. The …
- CVE-2025-11481MEDIUMCVSS 6.3EG 6.32025-10-08
A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to dc9e0393d826fbc85fad9755b5bc12cba1919df2. The impacted element is an unknown function of the file /donate_blood.php. Executing manipulation of the arg…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →