CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,092 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 41 of 102
- CVE-2025-12856MEDIUMCVSS 4.7EG 4.72025-11-07
A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remote…
- CVE-2025-12857MEDIUMCVSS 4.7EG 4.72025-11-07
A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack ca…
- CVE-2025-12859MEDIUMCVSS 4.7EG 4.72025-11-07
A vulnerability has been found in DedeBIZ up to 6.3.2. This impacts an unknown function of the file /admin/templets_one_edit.php. The manipulation of the argument ids leads to sql injection. Remote exploitation of the attack is possible. T…
- CVE-2025-12860MEDIUMCVSS 4.7EG 4.72025-11-07
A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelist_main.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has…
- CVE-2025-12861MEDIUMCVSS 4.7EG 4.72025-11-07
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags[] causes sql injection. The attack is possible to be…
- CVE-2025-12873MEDIUMCVSS 4.7EG 4.72025-11-07
A security flaw has been discovered in Campcodes School File Management 1.0. This affects an unknown part of the file /admin/update_user.php. Performing manipulation of the argument user_id results in sql injection. It is possible to initi…
- CVE-2025-12913MEDIUMCVSS 4.7EG 4.72025-11-08
A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotel…
- CVE-2025-12914MEDIUMCVSS 4.7EG 4.72025-11-08
A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. Th…
- CVE-2025-12916MEDIUMCVSS 6.3EG 6.32025-11-09
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes…
- CVE-2025-12921MEDIUMCVSS 4.3EG 4.32025-11-10
A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF Data Import. Such manipulation of the ar…
- CVE-2025-12926MEDIUMCVSS 6.3EG 6.32025-11-10
A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack…
- CVE-2025-12927MEDIUMCVSS 4.7EG 4.72025-11-10
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives_add.php. Such manipulation of the argument flags[] leads to sql injection. The attack can be execute…
- CVE-2025-12928HIGHCVSS 7.3EG 7.32025-11-10
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to…
- CVE-2025-12929HIGHCVSS 7.3EG 7.32025-11-10
A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attac…
- CVE-2025-12930MEDIUMCVSS 6.3EG 6.32025-11-10
A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remo…
- CVE-2025-12931MEDIUMCVSS 6.3EG 6.32025-11-10
A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is poss…
- CVE-2025-12932MEDIUMCVSS 4.7EG 4.72025-11-10
A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be in…
- CVE-2025-12933MEDIUMCVSS 6.3EG 6.32025-11-10
A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack c…
- CVE-2025-12938HIGHCVSS 7.3EG 7.32025-11-10
A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The a…
- CVE-2025-12939MEDIUMCVSS 6.3EG 6.32025-11-10
A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injec…
- CVE-2025-13057MEDIUMCVSS 6.3EG 6.32025-11-12
A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_student. The manipulation of the argument ID leads to sql injection. The attack may be…
- CVE-2025-13059MEDIUMCVSS 6.3EG 6.32025-11-12
A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /manage_career.php. This manipulation of the argument ID causes sql injection. Remote exploitation of th…
- CVE-2025-13060HIGHCVSS 7.3EG 7.32025-11-12
A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the argument ID leads to sql injection. The attack can be execu…
- CVE-2025-13075MEDIUMCVSS 4.7EG 4.72025-11-12
A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of th…
- CVE-2025-13076MEDIUMCVSS 4.7EG 4.72025-11-12
A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be ex…
- CVE-2025-13121HIGHCVSS 7.3EG 7.32025-11-13
A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the argument lng/lat …
- CVE-2025-13122HIGHCVSS 7.3EG 7.32025-11-13
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/api_patient_checkin.php. Performing manipulation of the argument …
- CVE-2025-13123MEDIUMCVSS 6.3EG 6.32025-11-13
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/get_firstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possibl…
- CVE-2025-13168MEDIUMCVSS 6.3EG 6.32025-11-14
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument search_term causes sql injection. Remote exploitation o…
- CVE-2025-13169HIGHCVSS 7.3EG 7.32025-11-14
A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /add_query_reserve.php. Such manipulation of the argument room_id leads to sql inje…
- CVE-2025-13170HIGHCVSS 7.3EG 7.32025-11-14
A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing a manipulation of the argument admin_id results in sql inj…
- CVE-2025-13171MEDIUMCVSS 6.3EG 6.32025-11-14
A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publi…
- CVE-2025-13172MEDIUMCVSS 6.3EG 6.32025-11-14
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be…
- CVE-2025-13178LOWCVSS 3.5EG 3.52025-11-14
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basi…
- CVE-2025-13180LOWCVSS 3.5EG 3.52025-11-14
A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_n…
- CVE-2025-13201HIGHCVSS 7.3EG 7.32025-11-15
A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may…
- CVE-2025-13203HIGHCVSS 7.3EG 7.32025-11-15
A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. This vulnerability affects unknown code of the file /addmem.php. Executing manipulation of the argument studentnum can lead to sql injection. It is possible t…
- CVE-2025-13208MEDIUMCVSS 6.3EG 6.32025-11-15
A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjec…
- CVE-2025-13210MEDIUMCVSS 4.7EG 4.72025-11-15
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Such manipulation of the argument PROMODEL leads to sql injection.…
- CVE-2025-13233HIGHCVSS 7.3EG 7.32025-11-16
A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=single-item. Such manipulation of the argument ID leads to sql injection. The attack may b…
- CVE-2025-13234MEDIUMCVSS 6.3EG 6.32025-11-16
A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in sql injection. It is possible…
- CVE-2025-13235HIGHCVSS 7.3EG 7.32025-11-16
A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument user_email can lead to sql injection. It is possible to l…
- CVE-2025-13236MEDIUMCVSS 6.3EG 6.32025-11-16
A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be…
- CVE-2025-13237HIGHCVSS 7.3EG 7.32025-11-16
A security flaw has been discovered in itsourcecode Inventory Management System 1.0. Affected is an unknown function of the file /LogSignModal.PHP. The manipulation of the argument U_USERNAME results in sql injection. The attack can be lau…
- CVE-2025-13240HIGHCVSS 7.3EG 7.32025-11-16
A vulnerability was detected in code-projects Student Information System 2.0. This affects an unknown part of the file /searchquery.php. Performing manipulation of the argument s results in sql injection. Remote exploitation of the attack …
- CVE-2025-13241HIGHCVSS 7.3EG 7.32025-11-16
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed re…
- CVE-2025-13242HIGHCVSS 7.3EG 7.32025-11-16
A vulnerability has been found in code-projects Student Information System 2.0. This issue affects some unknown processing of the file /register.php. The manipulation leads to sql injection. The attack is possible to be carried out remotel…
- CVE-2025-13243MEDIUMCVSS 6.3EG 6.32025-11-16
A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has be…
- CVE-2025-13247HIGHCVSS 7.3EG 7.32025-11-16
A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possibl…
- CVE-2025-13248HIGHCVSS 7.3EG 7.32025-11-16
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/api_patient_schedule.php. This manipulation of the argument appointmentID caus…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →