CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 51 of 102
- CVE-2025-2625MEDIUMCVSS 6.3EG 6.32025-03-22
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is po…
- CVE-2025-2626MEDIUMCVSS 6.3EG 6.32025-03-22
A vulnerability classified as critical was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This vulnerability affects unknown code of the file edit_case.php. The manipulation of the argument ID leads to sql injec…
- CVE-2025-2627MEDIUMCVSS 6.3EG 6.32025-03-22
A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle lead…
- CVE-2025-2628MEDIUMCVSS 6.3EG 6.32025-03-22
A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.1. Affected is an unknown function of the file /art-enquiry.php. The manipulation of the argument eid leads to sql injection. It is …
- CVE-2025-2640HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. The manipulation of the ar…
- CVE-2025-2641HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-artist-detail.php?editid=1. The manipulation of…
- CVE-2025-2642HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.0. This affects an unknown part of the file /admin/edit-art-product-detail.php?editid=2. The manipulation of the argument editide/sp…
- CVE-2025-2643HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability has been found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-art-type-detail.php?editid=1. The manipulation of the argument artty…
- CVE-2025-2644HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add-art-product.php. The manipulation of the argument arttype leads to sql …
- CVE-2025-2646HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument …
- CVE-2025-2647HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql in…
- CVE-2025-2648HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability classified as critical has been found in PHPGurukul Art Gallery Management System 1.0. This affects an unknown part of the file /admin/view-enquiry-detail.php. The manipulation of the argument viewid leads to sql injection.…
- CVE-2025-2649HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql i…
- CVE-2025-2654HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manage_service.php. The manipulation of the argument ID leads to sq…
- CVE-2025-2655HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was detected in SourceCodester AC Repair and Services System 1.0. The affected element is the function save_users/delete_users of the file /classes/Users.php. Performing manipulation of the argument ID results in sql inject…
- CVE-2025-2656HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible t…
- CVE-2025-2657HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /front.php. The manipulation of the argument rid leads to sq…
- CVE-2025-2658HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability, which was classified as critical, has been found in PHPGurukul Online Security Guards Hiring System 1.0. Affected by this issue is some unknown functionality of the file /search-request.php. The manipulation of the argumen…
- CVE-2025-2659HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument e leads to sql injection. It is p…
- CVE-2025-2660HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability has been found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument e leads to sql injection. T…
- CVE-2025-2661HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /staff/index.php. The manipulation of the argument e leads to sql injection. The…
- CVE-2025-2662MEDIUMCVSS 6.3EG 6.32025-03-23
A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been classified as critical. Affected is an unknown function of the file student/studentdashboard.php. The manipulation of the argument course leads to sql…
- CVE-2025-2663HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-details.php. The manipulation of the argument …
- CVE-2025-2664MEDIUMCVSS 4.7EG 4.72025-03-23
A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. T…
- CVE-2025-2665HIGHCVSS 7.3EG 7.32025-03-23
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/to…
- CVE-2025-2672MEDIUMCVSS 6.3EG 6.32025-03-23
A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation of the argument bir leads to sql injectio…
- CVE-2025-2674HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation of the argument pagetitle leads to sql …
- CVE-2025-2675HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. Affected by this issue is some unknown functionality of the file /add-lockertype.php. The manipulation of the argument locke…
- CVE-2025-2676HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injectio…
- CVE-2025-2677HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of the argument editid leads to sql injecti…
- CVE-2025-2678HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the argument editid leads to sql injection.…
- CVE-2025-2679HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the argument pagetitle leads to sql injection. …
- CVE-2025-2680HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit-assign-locker.php?ltid=1. The manipulation of the arg…
- CVE-2025-2681HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The manipulation of the argument lockersize…
- CVE-2025-2682HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection…
- CVE-2025-2683HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The a…
- CVE-2025-2684HIGHCVSS 7.3EG 7.32025-03-24
A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. The manipulation of the argument searchin…
- CVE-2025-27107HIGHCVSS 8.6EG 8.62025-03-13
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 ma…
- CVE-2025-2725HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the co…
- CVE-2025-2726HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of t…
- CVE-2025-2727HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to …
- CVE-2025-2728HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. Th…
- CVE-2025-2729HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the compo…
- CVE-2025-2730HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the componen…
- CVE-2025-2731HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/ge…
- CVE-2025-2732HIGHCVSS 8.0EG 8.82025-03-25
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeig…
- CVE-2025-2734HIGHCVSS 7.3EG 7.32025-03-25
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injectio…
- CVE-2025-2735HIGHCVSS 7.3EG 7.32025-03-25
A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.php. The manipulation of the argument se…
- CVE-2025-2736HIGHCVSS 7.3EG 7.32025-03-25
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.php. The manipulation of the argument fro…
- CVE-2025-2737HIGHCVSS 7.3EG 7.32025-03-25
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injectio…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →