CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 50 of 102
- CVE-2025-2067HIGHCVSS 7.3EG 7.32025-03-07
A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to sql injection. Th…
- CVE-2025-2088HIGHCVSS 7.3EG 7.32025-03-07
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System up to 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the argument fullname/emailid/mobileNumb…
- CVE-2025-2112MEDIUMCVSS 6.3EG 6.32025-03-08
A vulnerability was found in user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4. It has been declared as critical. Affected by this vulnerability is the function getMediaLisByFilter of the file cn/javaex/yaoqishan/serv…
- CVE-2025-2113HIGHCVSS 7.3EG 7.32025-03-09
A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Esqueceu a senha. The manipulation of the argument txtCPF leads to s…
- CVE-2025-2117MEDIUMCVSS 6.3EG 6.32025-03-09
A vulnerability was found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as critical. Affected by this issue is the function electricDocList of the file /newsedit/report/reportCent…
- CVE-2025-2118HIGHCVSS 7.3EG 7.32025-03-09
A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Login Endpoint. The manipulation of the argument username leads to s…
- CVE-2025-2126MEDIUMCVSS 6.3EG 6.32025-03-09
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla and classified as critical. This issue affects some unknown processing of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties of the com…
- CVE-2025-2132MEDIUMCVSS 4.7EG 4.72025-03-09
A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajax_all_lists of the component Search. The manipulation of the argument name leads to sql injection. It i…
- CVE-2025-2217MEDIUMCVSS 6.3EG 6.32025-03-12
A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 1.3. This affects the function ProcessRequest of the file /getAdyData.ashx. The manipulation of the argument showid leads to sql …
- CVE-2025-22978CRITICALCVSS 9.8EG 9.82025-02-03
eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.
- CVE-2025-2351HIGHCVSS 7.3EG 7.32025-03-16
A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql i…
- CVE-2025-2353HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argum…
- CVE-2025-2358MEDIUMCVSS 6.3EG 6.32025-03-17
A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Hand…
- CVE-2025-2362HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql inj…
- CVE-2025-2372HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability classified as critical has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This affects an unknown part of the file /password-recovery.php of the component Password Recovery Page. The manipulat…
- CVE-2025-2373MEDIUMCVSS 6.3EG 6.32025-03-17
A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /check_availability.php. The manipulation of the argument mobnumber/emp…
- CVE-2025-2374MEDIUMCVSS 6.3EG 6.32025-03-17
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument aid/…
- CVE-2025-2378HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been classified as critical. This affects an unknown part of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to sql …
- CVE-2025-2379HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to sql…
- CVE-2025-2380HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin-profile.php. The manipulation of the argument mobilenumber leads…
- CVE-2025-2381HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection…
- CVE-2025-2382HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability classified as critical was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking-search.php. The manipulation of the argument searchdata…
- CVE-2025-2383HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument…
- CVE-2025-2384MEDIUMCVSS 6.3EG 6.32025-03-17
A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /InsertCustomer.php of the component Parameter Handler. The manipulation of …
- CVE-2025-2385HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability has been found in code-projects Modern Bag 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument userEmail/userPassword leads to sql injection. The …
- CVE-2025-2386HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. The manipulation of the argument location…
- CVE-2025-2387HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to …
- CVE-2025-2389MEDIUMCVSS 4.7EG 4.72025-03-17
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_city.php. The manipulation leads to sql injection. The …
- CVE-2025-2390MEDIUMCVSS 6.3EG 6.32025-03-17
A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /user_dashboard/add_donor.php. The manipulation leads to sql injection. It is possible to ini…
- CVE-2025-2391HIGHCVSS 7.3EG 7.32025-03-17
A vulnerability classified as critical was found in code-projects Blood Bank Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_login.php of the component Admin Login Page. The manipulation leads to sql…
- CVE-2025-2392MEDIUMCVSS 4.7EG 4.72025-03-17
A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/activate.php. The manipulation of the argument id…
- CVE-2025-2393MEDIUMCVSS 4.7EG 4.72025-03-17
A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/salut_del.php. The manipulation of the argument id leads to sql i…
- CVE-2025-2419MEDIUMCVSS 6.3EG 6.32025-03-17
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile…
- CVE-2025-24291MEDIUMCVSS 6.1EG 6.12025-06-19
The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the f…
- CVE-2025-24364HIGHCVSS 7.2EG 7.22025-01-27
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then c…
- CVE-2025-24374MEDIUMCVSS 4.3EG 4.32025-01-29
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.
- CVE-2025-2471MEDIUMCVSS 6.3EG 6.32025-03-18
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. Affected is an unknown function of the file /boat-details.php. The manipulation of the argument bid leads to sql injection. It is possible …
- CVE-2025-2472HIGHCVSS 7.3EG 7.32025-03-18
A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Sign In. The manipulation …
- CVE-2025-2473HIGHCVSS 7.3EG 7.32025-03-18
A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Sign In. The manipulation of the argumen…
- CVE-2025-24904HIGHCVSS 8.5EG 8.52025-02-13
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes …
- CVE-2025-24962HIGHCVSS 8.8EG 8.82025-02-03
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned re…
- CVE-2025-25477HIGHCVSS 8.1EG 8.12025-02-28
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.
- CVE-2025-2587MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability, which was classified as critical, was found in Jinher OA C6 1.0. This affects an unknown part of the file IncentivePlanFulfillAppprove.aspx. The manipulation of the argument httpOID leads to sql injection. It is possible t…
- CVE-2025-2593MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/client/article/list. The manipulation of the argument orderBy leads to sql inject…
- CVE-2025-2601MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file activate_reg.php. The manipulation of the argument ID leads to sql i…
- CVE-2025-2602MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file deactivate_reg.php. The manipulation of the argument ID lead…
- CVE-2025-2603MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file deactivate.php. The manipulation of the argument ID leads to s…
- CVE-2025-2604MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to sql i…
- CVE-2025-2608MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. It is po…
- CVE-2025-2624MEDIUMCVSS 6.3EG 6.32025-03-22
A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →