CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,092 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 43 of 102
- CVE-2025-13424MEDIUMCVSS 4.7EG 4.72025-11-20
A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of…
- CVE-2025-13442HIGHCVSS 7.3EG 7.32025-11-20
A security vulnerability has been detected in UTT 进取 750W up to 3.2.2-191225. Affected by this vulnerability is the function system of the file /goform/formPdbUpConfig. Such manipulation of the argument policyNames leads to command inj…
- CVE-2025-13449HIGHCVSS 7.3EG 7.32025-11-20
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from rem…
- CVE-2025-13451HIGHCVSS 7.3EG 7.32025-11-20
A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the at…
- CVE-2025-13462LOWCVSS 3.3EG 9.82026-03-12
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpr…
- CVE-2025-13485HIGHCVSS 7.3EG 7.32025-11-21
A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The a…
- CVE-2025-13545MEDIUMCVSS 4.7EG 4.72025-11-23
A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the …
- CVE-2025-13546MEDIUMCVSS 6.3EG 6.32025-11-23
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argum…
- CVE-2025-13554HIGHCVSS 7.3EG 7.32025-11-23
A security vulnerability has been detected in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /index.php of the component Login. Such manipulation of the argument txtUsername leads to sql injection. I…
- CVE-2025-13555HIGHCVSS 7.3EG 7.32025-11-23
A vulnerability was detected in Campcodes School File Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument stud_no results in sql injection. The att…
- CVE-2025-13556HIGHCVSS 7.3EG 7.32025-11-23
A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing a manipulation of the argument myusername can lead to sql injection. The …
- CVE-2025-13557HIGHCVSS 7.3EG 7.32025-11-23
A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be init…
- CVE-2025-1356MEDIUMCVSS 6.3EG 6.32025-02-16
A vulnerability was found in needyamin Library Card System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file card.php. The manipulation of the argument id leads to sql injection. The attac…
- CVE-2025-13560HIGHCVSS 7.3EG 7.32025-11-23
A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. …
- CVE-2025-13561HIGHCVSS 7.3EG 7.32025-11-23
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the att…
- CVE-2025-13562HIGHCVSS 7.3EG 7.32025-11-23
A vulnerability was identified in D-Link DIR-852 1.00. This issue affects some unknown processing of the file /gena.cgi. Such manipulation of the argument service leads to command injection. The attack can be executed remotely. The exploit…
- CVE-2025-13567MEDIUMCVSS 6.3EG 6.32025-11-23
A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql injection. It is possible to launch the att…
- CVE-2025-13568MEDIUMCVSS 6.3EG 6.32025-11-23
A flaw has been found in itsourcecode COVID Tracking System 1.0. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit…
- CVE-2025-13569MEDIUMCVSS 6.3EG 6.32025-11-23
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The …
- CVE-2025-13570MEDIUMCVSS 6.3EG 6.32025-11-23
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=state. Performing manipulation of the argument ID results in sql injection. The attack…
- CVE-2025-13571MEDIUMCVSS 6.3EG 6.32025-11-23
A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argument ID can lead to sql injection. The atta…
- CVE-2025-13572HIGHCVSS 7.3EG 7.32025-11-23
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection. Remote exploitation of th…
- CVE-2025-13575MEDIUMCVSS 6.3EG 6.32025-11-24
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field l…
- CVE-2025-13578HIGHCVSS 7.3EG 7.32025-11-24
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiat…
- CVE-2025-13579MEDIUMCVSS 6.3EG 6.32025-11-24
A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has bee…
- CVE-2025-13580MEDIUMCVSS 6.3EG 6.32025-11-24
A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has bee…
- CVE-2025-13581MEDIUMCVSS 6.3EG 6.32025-11-24
A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the argument schedule_id leads to sql injection…
- CVE-2025-13582HIGHCVSS 7.3EG 7.32025-11-24
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product re…
- CVE-2025-13583HIGHCVSS 7.3EG 7.32025-11-24
A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql …
- CVE-2025-13585HIGHCVSS 7.3EG 7.32025-11-24
A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from rem…
- CVE-2025-13586MEDIUMCVSS 4.7EG 4.72025-11-24
A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirm_password causes sql injection. It is possible …
- CVE-2025-1374MEDIUMCVSS 6.3EG 6.32025-02-17
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId lea…
- CVE-2025-13782HIGHCVSS 7.3EG 7.32025-11-30
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideControlle…
- CVE-2025-13783MEDIUMCVSS 6.3EG 6.32025-11-30
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component…
- CVE-2025-13786HIGHCVSS 7.3EG 7.32025-11-30
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible t…
- CVE-2025-13788HIGHCVSS 7.3EG 7.32025-11-30
A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiate…
- CVE-2025-1379MEDIUMCVSS 6.3EG 6.32025-02-17
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of th…
- CVE-2025-13792HIGHCVSS 7.3EG 7.32025-11-30
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros re…
- CVE-2025-13797MEDIUMCVSS 6.3EG 6.32025-12-01
A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swifimac results in command injection. The …
- CVE-2025-13798MEDIUMCVSS 6.3EG 6.32025-12-01
A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from re…
- CVE-2025-13799MEDIUMCVSS 6.3EG 6.32025-12-01
A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to ini…
- CVE-2025-1380MEDIUMCVSS 6.3EG 6.32025-02-17
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/del_plan.php. The manipulation of the argument name leads to sql …
- CVE-2025-13800MEDIUMCVSS 6.3EG 6.32025-12-01
A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the …
- CVE-2025-1381MEDIUMCVSS 6.3EG 6.32025-02-17
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql inje…
- CVE-2025-13811MEDIUMCVSS 6.3EG 6.32025-12-01
A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing a manipulation of the argument sort ca…
- CVE-2025-14011MEDIUMCVSS 4.7EG 4.72025-12-04
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid result…
- CVE-2025-14012MEDIUMCVSS 4.7EG 4.72025-12-04
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can…
- CVE-2025-14090MEDIUMCVSS 4.7EG 4.72025-12-05
A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing manipulation of the argument ID results in sql injection. It is possible…
- CVE-2025-14091HIGHCVSS 7.3EG 7.32025-12-05
A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Executing manipulation …
- CVE-2025-14106HIGHCVSS 8.8EG 8.82025-12-05
A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads …
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →