CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,091 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 38 of 102
- CVE-2025-11486MEDIUMCVSS 6.3EG 6.32025-10-08
A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can …
- CVE-2025-11487MEDIUMCVSS 6.3EG 6.32025-10-08
A security flaw has been discovered in SourceCodester Farm Management System 1.0. Affected by this issue is some unknown functionality of the file /uploadProduct.php. Performing manipulation of the argument Type results in sql injection. T…
- CVE-2025-11488HIGHCVSS 7.3EG 7.32025-10-08
A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made availab…
- CVE-2025-11503HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of the argument delid can lead to sql injection.…
- CVE-2025-11505HIGHCVSS 7.3EG 7.32025-10-08
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to sql injection. It is possible to ini…
- CVE-2025-11506HIGHCVSS 7.3EG 7.32025-10-08
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injec…
- CVE-2025-11507HIGHCVSS 7.3EG 7.32025-10-08
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The a…
- CVE-2025-11509MEDIUMCVSS 6.3EG 6.32025-10-08
A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in sql injection. The attack may be initia…
- CVE-2025-11511MEDIUMCVSS 6.3EG 6.32025-10-08
A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to sql injection. The attack may be launched rem…
- CVE-2025-11513HIGHCVSS 7.3EG 7.32025-10-09
A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/supplier_update.php. This manipulation of the argument supp_id causes sql injection. The attack is possible to be carri…
- CVE-2025-11514MEDIUMCVSS 6.3EG 6.32025-10-09
A vulnerability was identified in code-projects Online Complaint Site 1.0. This vulnerability affects unknown code of the file /cms/users/index.php. Such manipulation of the argument Username leads to sql injection. The attack may be perfo…
- CVE-2025-11515MEDIUMCVSS 6.3EG 6.32025-10-09
A security flaw has been discovered in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/users/register-complaint.php. Performing manipulation of the argument cid results in sql injection.…
- CVE-2025-11516MEDIUMCVSS 6.3EG 6.32025-10-09
A weakness has been identified in code-projects Online Complaint Site 1.0. Impacted is an unknown function of the file /cms/users/complaint-details.php. Executing manipulation of the argument cid can lead to sql injection. It is possible t…
- CVE-2025-11523MEDIUMCVSS 6.3EG 6.32025-10-09
A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remote…
- CVE-2025-11530MEDIUMCVSS 6.3EG 6.32025-10-09
A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql injection. The attack is possible to be carried…
- CVE-2025-1154MEDIUMCVSS 6.3EG 6.32025-02-10
A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql in…
- CVE-2025-11551MEDIUMCVSS 6.3EG 6.32025-10-09
A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to in…
- CVE-2025-11552MEDIUMCVSS 6.3EG 6.32025-10-09
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the at…
- CVE-2025-11553MEDIUMCVSS 6.3EG 6.32025-10-09
A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument Shippername can lead to sql inje…
- CVE-2025-11555HIGHCVSS 7.3EG 7.32025-10-09
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may b…
- CVE-2025-11556HIGHCVSS 7.3EG 7.32025-10-09
A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql injection. Remote exploitation of the attack is possible. Th…
- CVE-2025-11557HIGHCVSS 7.3EG 7.32025-10-09
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be exe…
- CVE-2025-11558HIGHCVSS 7.3EG 7.32025-10-09
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to…
- CVE-2025-1156HIGHCVSS 7.3EG 7.32025-02-10
A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical. This vulnerability affects unknown code of the file /servlet?act=login. The manipulation of the argument usuario leads to sql injection. The attack can…
- CVE-2025-1157MEDIUMCVSS 6.3EG 6.32025-02-10
A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. This issue affects some unknown processing of the file /model/model_recuperar_senha.php. The manipulation of the argument recuperacao leads to sql in…
- CVE-2025-1158MEDIUMCVSS 6.3EG 6.32025-02-10
A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It has been classified as critical. Affected is an unknown function of the file addPolicyToSafetyGroup.jsp. The manipulation of the argument safetyGroupId leads to sql injec…
- CVE-2025-11582HIGHCVSS 7.3EG 7.32025-10-10
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This issue affects some unknown processing of the file /registration.php. Performing manipulation of the argument txtusername results in sql injection. The attack …
- CVE-2025-11583HIGHCVSS 7.3EG 7.32025-10-10
A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. …
- CVE-2025-11584HIGHCVSS 7.3EG 7.32025-10-10
A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploit…
- CVE-2025-11585HIGHCVSS 7.3EG 7.32025-10-10
A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remo…
- CVE-2025-11588MEDIUMCVSS 6.3EG 6.32025-10-10
A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from re…
- CVE-2025-11589MEDIUMCVSS 6.3EG 6.32025-10-10
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to ini…
- CVE-2025-11590MEDIUMCVSS 6.3EG 6.32025-10-11
A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of the argument ename can lead to sql inject…
- CVE-2025-11591MEDIUMCVSS 6.3EG 6.32025-10-11
A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injectio…
- CVE-2025-11592MEDIUMCVSS 6.3EG 6.32025-10-11
A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely.…
- CVE-2025-11593MEDIUMCVSS 6.3EG 6.32025-10-11
A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated r…
- CVE-2025-11595MEDIUMCVSS 4.7EG 4.72025-10-11
A vulnerability was found in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /admin-profile.php. Performing a manipulation of the argument mobilenumber results in sql injection. Remote …
- CVE-2025-11596HIGHCVSS 7.3EG 7.32025-10-11
A vulnerability was determined in code-projects E-Commerce Website 1.0. The affected element is an unknown function of the file /pages/delete_order_details.php. Executing manipulation of the argument order_id can lead to sql injection. The…
- CVE-2025-11597MEDIUMCVSS 6.3EG 6.32025-10-11
A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is poss…
- CVE-2025-11599HIGHCVSS 7.3EG 7.32025-10-11
A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to …
- CVE-2025-11600MEDIUMCVSS 6.3EG 6.32025-10-11
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to la…
- CVE-2025-11601HIGHCVSS 7.3EG 7.32025-10-11
A vulnerability was detected in SourceCodester Online Student Result System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. …
- CVE-2025-11603MEDIUMCVSS 6.3EG 6.32025-10-11
A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launche…
- CVE-2025-11604HIGHCVSS 7.3EG 7.32025-10-11
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of …
- CVE-2025-11605MEDIUMCVSS 6.3EG 6.32025-10-11
A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql injection. The attack can be executed remo…
- CVE-2025-11606MEDIUMCVSS 6.3EG 6.32025-10-11
A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The…
- CVE-2025-11608HIGHCVSS 7.3EG 7.32025-10-11
A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads …
- CVE-2025-11610MEDIUMCVSS 6.3EG 6.32025-10-11
A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can b…
- CVE-2025-11611MEDIUMCVSS 6.3EG 6.32025-10-11
A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out re…
- CVE-2025-11612MEDIUMCVSS 6.3EG 6.32025-10-11
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. This impacts an unknown function of the file /addproduct.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated re…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →