CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 47 of 102
- CVE-2025-15133MEDIUMCVSS 6.3EG 6.32025-12-28
A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injectio…
- CVE-2025-15136HIGHCVSS 8.8EG 8.82025-12-28
A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured lead…
- CVE-2025-15137HIGHCVSS 8.8EG 8.82025-12-28
A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The …
- CVE-2025-15139MEDIUMCVSS 6.3EG 6.32025-12-28
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed rem…
- CVE-2025-15140HIGHCVSS 7.3EG 7.32025-12-28
A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sq…
- CVE-2025-15142HIGHCVSS 7.3EG 7.32025-12-28
A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the…
- CVE-2025-15143MEDIUMCVSS 4.7EG 4.72025-12-28
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argumen…
- CVE-2025-15148MEDIUMCVSS 4.7EG 4.72025-12-28
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdat…
- CVE-2025-15165HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack…
- CVE-2025-15166HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launch…
- CVE-2025-15167HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack i…
- CVE-2025-15168HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. T…
- CVE-2025-15169MEDIUMCVSS 4.7EG 4.72025-12-29
A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be…
- CVE-2025-15181HIGHCVSS 7.3EG 7.32025-12-29
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql in…
- CVE-2025-15182HIGHCVSS 7.3EG 7.32025-12-29
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be ex…
- CVE-2025-15183HIGHCVSS 7.3EG 7.32025-12-29
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is…
- CVE-2025-15184HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be perform…
- CVE-2025-15185HIGHCVSS 7.3EG 7.32025-12-29
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is pos…
- CVE-2025-15186HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is poss…
- CVE-2025-15191MEDIUMCVSS 6.3EG 6.32025-12-29
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote expl…
- CVE-2025-15192MEDIUMCVSS 6.3EG 6.32025-12-29
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injectio…
- CVE-2025-15195HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack …
- CVE-2025-15196HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi…
- CVE-2025-15198HIGHCVSS 7.3EG 7.32025-12-29
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may …
- CVE-2025-15205MEDIUMCVSS 6.3EG 6.32025-12-29
A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istore_id leads to sql injection. Th…
- CVE-2025-15206HIGHCVSS 7.3EG 7.32025-12-29
A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performe…
- CVE-2025-15207HIGHCVSS 7.3EG 7.32025-12-29
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. It is possible to initiate t…
- CVE-2025-15208HIGHCVSS 7.3EG 7.32025-12-29
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection…
- CVE-2025-15209MEDIUMCVSS 6.3EG 6.32025-12-29
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated re…
- CVE-2025-15210MEDIUMCVSS 6.3EG 6.32025-12-30
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid lead…
- CVE-2025-15211MEDIUMCVSS 6.3EG 6.32025-12-30
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to …
- CVE-2025-15212MEDIUMCVSS 6.3EG 6.32025-12-30
A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploita…
- CVE-2025-15243HIGHCVSS 7.3EG 7.32025-12-30
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotel…
- CVE-2025-15250MEDIUMCVSS 4.7EG 4.72025-12-30
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is poss…
- CVE-2025-15256HIGHCVSS 7.3EG 7.32025-12-30
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads…
- CVE-2025-15257HIGHCVSS 7.3EG 7.32025-12-30
A security flaw has been discovered in Edimax BR-6208AC 1.02/1.03. Affected by this vulnerability is the function formRoute of the file /gogorm/formRoute of the component Web-based Configuration Interface. The manipulation of the argument …
- CVE-2025-15263HIGHCVSS 7.3EG 7.32025-12-30
A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The at…
- CVE-2025-1535HIGHCVSS 7.3EG 7.32025-02-21
A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticket_id leads to…
- CVE-2025-15353HIGHCVSS 7.3EG 7.32025-12-30
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is…
- CVE-2025-15354HIGHCVSS 7.3EG 7.32025-12-30
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to…
- CVE-2025-15357MEDIUMCVSS 6.3EG 6.32025-12-30
A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The expl…
- CVE-2025-1537MEDIUMCVSS 6.3EG 6.32025-02-21
A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument codexame leads to sql inj…
- CVE-2025-15391MEDIUMCVSS 6.3EG 6.32025-12-31
A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been…
- CVE-2025-15392MEDIUMCVSS 6.3EG 6.32025-12-31
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyw…
- CVE-2025-15393MEDIUMCVSS 6.3EG 6.32025-12-31
A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argum…
- CVE-2025-15394MEDIUMCVSS 4.7EG 4.72025-12-31
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack…
- CVE-2025-15407HIGHCVSS 7.3EG 7.32026-01-01
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to sql injection. The attack can be execut…
- CVE-2025-15408HIGHCVSS 7.3EG 7.32026-01-01
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing a manipulation of the argument dre_title results in sql injection. The attack is possible…
- CVE-2025-15409HIGHCVSS 7.3EG 7.32026-01-01
A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of the argument del_pro can lead to sql inj…
- CVE-2025-15410HIGHCVSS 7.3EG 7.32026-01-01
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initia…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →