CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 45 of 102
- CVE-2025-14527HIGHCVSS 7.3EG 7.32025-12-11
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing a manipulation of the argument book_id can lead to sql injection. The att…
- CVE-2025-14529HIGHCVSS 7.3EG 7.32025-12-11
A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This manipulation of the argument pid causes sql injection. It is possible to ini…
- CVE-2025-14531MEDIUMCVSS 4.3EG 4.32025-12-11
A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initi…
- CVE-2025-14536HIGHCVSS 7.3EG 7.32025-12-11
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument userna…
- CVE-2025-14537HIGHCVSS 7.3EG 7.32025-12-11
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument course_year_section/semester causes …
- CVE-2025-14565HIGHCVSS 7.3EG 7.32025-12-12
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Userna…
- CVE-2025-14566HIGHCVSS 7.3EG 7.32025-12-12
A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argum…
- CVE-2025-14568MEDIUMCVSS 6.3EG 6.32025-12-12
A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipulation of the argument employee_id/id/ad…
- CVE-2025-14570HIGHCVSS 7.3EG 7.32025-12-12
A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This manipulation of the argument admin_id causes sql injection. The att…
- CVE-2025-14571HIGHCVSS 7.3EG 7.32025-12-12
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such manipulation of the argument roll_number leads to sql injection…
- CVE-2025-14578HIGHCVSS 7.3EG 7.32025-12-12
A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /update_account.php. This manipulation of the argument ID causes sql injection. It is possible to initiat…
- CVE-2025-14584HIGHCVSS 7.3EG 7.32025-12-12
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The atta…
- CVE-2025-14585HIGHCVSS 7.3EG 7.32025-12-12
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be …
- CVE-2025-14587HIGHCVSS 7.3EG 7.32025-12-13
A vulnerability was identified in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown part of the file /pet1/available.php. Such manipulation of the argument Name leads to sql injection. The attack can be executed r…
- CVE-2025-14588HIGHCVSS 7.3EG 7.32025-12-13
A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /update_program.php. Performing manipulation of the argument ID results in sql injection. The attack is …
- CVE-2025-14589MEDIUMCVSS 6.3EG 6.32025-12-13
A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack …
- CVE-2025-14590HIGHCVSS 7.3EG 7.32025-12-13
A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to sql injection. It is possible to in…
- CVE-2025-14619HIGHCVSS 7.3EG 7.32025-12-13
A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the argument stud_no results in sql injection…
- CVE-2025-14620HIGHCVSS 7.3EG 7.32025-12-13
A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of the argument Username can lead to sql in…
- CVE-2025-14621HIGHCVSS 7.3EG 7.32025-12-13
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of th…
- CVE-2025-14622HIGHCVSS 7.3EG 7.32025-12-13
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The att…
- CVE-2025-14623HIGHCVSS 7.3EG 7.32025-12-13
A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attac…
- CVE-2025-14637HIGHCVSS 7.3EG 7.32025-12-13
A weakness has been identified in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown code of the file /pet1/addcnp.php. This manipulation of the argument cnpname causes sql injection. The attack can be i…
- CVE-2025-14638HIGHCVSS 7.3EG 7.32025-12-14
A security vulnerability has been detected in itsourcecode Online Pet Shop Management System 1.0. This issue affects some unknown processing of the file /pet1/update_cnp.php. Such manipulation of the argument ID leads to sql injection. The…
- CVE-2025-14639HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. …
- CVE-2025-1464HIGHCVSS 7.3EG 7.32025-02-19
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argumen…
- CVE-2025-14640HIGHCVSS 7.3EG 7.32025-12-14
A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attac…
- CVE-2025-14643HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitati…
- CVE-2025-14644HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID can lead to sql injection. The attack can …
- CVE-2025-14645HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack is possibl…
- CVE-2025-14646HIGHCVSS 7.3EG 7.32025-12-14
A security flaw has been discovered in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of the argument stud_id results in sql injection. The attack …
- CVE-2025-14647HIGHCVSS 7.3EG 7.32025-12-14
A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack …
- CVE-2025-14648MEDIUMCVSS 4.7EG 4.72025-12-14
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch th…
- CVE-2025-14649HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation of the argument supplier results in sql injectio…
- CVE-2025-1465MEDIUMCVSS 4.1EG 4.12025-02-19
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the att…
- CVE-2025-14650HIGHCVSS 7.3EG 7.32025-12-14
A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched rem…
- CVE-2025-14652HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be…
- CVE-2025-14653HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possi…
- CVE-2025-14659HIGHCVSS 8.8EG 8.82025-12-14
A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch …
- CVE-2025-14661HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be lau…
- CVE-2025-14664HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/view_unit.php. The manipulation of the argument chkId[] leads to sql injection. Remote exploitation o…
- CVE-2025-14666HIGHCVSS 7.3EG 7.32025-12-14
A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to…
- CVE-2025-14667HIGHCVSS 7.3EG 7.32025-12-14
A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argument meta_value leads to sql injection. Th…
- CVE-2025-14668HIGHCVSS 7.3EG 7.32025-12-14
A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the argument Username results in sql injection. It is possible…
- CVE-2025-14674MEDIUMCVSS 6.3EG 6.32025-12-14
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/st…
- CVE-2025-14694MEDIUMCVSS 4.7EG 4.72025-12-15
A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in sql injection. The attack can be initia…
- CVE-2025-14705CRITICALCVSS 9.8EG 9.82025-12-15
A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. …
- CVE-2025-14706CRITICALCVSS 9.8EG 9.82025-12-15
A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be …
- CVE-2025-14707CRITICALCVSS 9.8EG 9.82025-12-15
A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of the argument params results in command…
- CVE-2025-14710HIGHCVSS 7.3EG 7.32025-12-15
A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql in…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →