CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 53 of 102
- CVE-2025-3176HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. It has been classified as critical. This affects an unknown part of the file /single_lawyer.php. The manipulation of the argument u_id leads to sql injection.…
- CVE-2025-3178HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument …
- CVE-2025-3179HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected is an unknown function of the file /doctor/deletepatient.php. The manipulation of the argument ic leads to sql in…
- CVE-2025-3180HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor/deleteschedule.php. The manipulation of the argu…
- CVE-2025-3181HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file /patient/appointment.php?scheduleDate=1&appid…
- CVE-2025-3182HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql …
- CVE-2025-3183HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argumen…
- CVE-2025-3184HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument p…
- CVE-2025-3185HIGHCVSS 7.3EG 7.32025-04-03
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient/patientupdateprofile.php. The manipulation of the argument pa…
- CVE-2025-3186HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the…
- CVE-2025-3187HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument logindetail leads to sql in…
- CVE-2025-3188HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability classified as critical has been found in PHPGurukul e-Diary Management System 1.0. This affects an unknown part of the file /add-notes.php. The manipulation of the argument Category leads to sql injection. It is possible to…
- CVE-2025-3195HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to s…
- CVE-2025-3204MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Affected by this issue is some unknown functionality of the file /returncar.php. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-3205MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is pos…
- CVE-2025-3206MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability has been found in code-projects Hospital Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspeciliz…
- CVE-2025-3207MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /birthing_form.php. The manipulation of the argument birth_id leads to sql i…
- CVE-2025-3208MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /xray_print.php. The manipulation of the argument itr_no leads to sql injectio…
- CVE-2025-3209MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_patient.php. The manipulation of the argument it…
- CVE-2025-3210MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /birthing_pending.php. The manipulation of the argument birth_…
- CVE-2025-3211MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /birthing_print.php. The manipulation of the argument itr_no/birth_id leads to sql inject…
- CVE-2025-3213HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /view-note.php?noteid=11. The manipulation of the argument remark leads to sql injection. The…
- CVE-2025-3215MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname lea…
- CVE-2025-3216HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been classified as critical. This affects an unknown part of the file /password-recovery.php. The manipulation of the argument username/contactno leads to sql in…
- CVE-2025-3217HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection…
- CVE-2025-3220HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Category leads…
- CVE-2025-3229MEDIUMCVSS 4.7EG 4.72025-04-04
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-subadmin.php. The manipulation of the argument fullname leads to sql i…
- CVE-2025-3231HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle/pagedes leads to sql injectio…
- CVE-2025-3235MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname/contactnumber leads to …
- CVE-2025-3238HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It i…
- CVE-2025-3239HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid l…
- CVE-2025-32390HIGHCVSS 8.5EG 8.52025-05-12
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read …
- CVE-2025-3240HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability, which was classified as critical, has been found in PHPGurukul Online Fire Reporting System 1.2. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchda…
- CVE-2025-3242MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability has been found in PHPGurukul e-Diary Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /search-result.php. The manipulation of the argument id/searchdata leads to sql inje…
- CVE-2025-3243MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to…
- CVE-2025-3245MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of th…
- CVE-2025-3249MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to comma…
- CVE-2025-3258HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability classified as critical was found in PHPGurukul Old Age Home Management System 1.0. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The att…
- CVE-2025-3265HIGHCVSS 7.3EG 7.32025-04-04
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-category.php. The manipulation of the argument Category leads to sql …
- CVE-2025-3267MEDIUMCVSS 6.3EG 6.32025-04-04
A vulnerability, which was classified as critical, was found in qinguoyi TinyWebServer up to 1.0. This affects an unknown part of the file /http/http_conn.cpp. The manipulation of the argument name/password leads to sql injection. It is po…
- CVE-2025-32699LOWCVSS 2.1EG 2.12025-04-10
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid.This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2.
- CVE-2025-32711CRITICALCVSS 9.3EG 9.32025-06-11
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
- CVE-2025-3296MEDIUMCVSS 6.3EG 6.32025-04-05
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=delete_customer. The manipulation of the argument ID l…
- CVE-2025-3299HIGHCVSS 7.3EG 7.32025-04-05
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /appointment.php. The manipulation of the argument Name leads to sql injec…
- CVE-2025-3303MEDIUMCVSS 6.3EG 6.32025-04-05
A vulnerability, which was classified as critical, has been found in code-projects Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /birthing_record.php. The manipulation of the argumen…
- CVE-2025-3304MEDIUMCVSS 6.3EG 6.32025-04-05
A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_not.php. The manipulation of the argument itr_no leads to sql injection. I…
- CVE-2025-3306HIGHCVSS 7.3EG 7.32025-04-06
A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /don.php. The manipulation of the argument fullname leads to sql injection. The …
- CVE-2025-3307HIGHCVSS 7.3EG 7.32025-04-06
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /reset.php. The manipulation of the argument useremail leads to sql injection. It …
- CVE-2025-3308HIGHCVSS 7.3EG 7.32025-04-06
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /viewrequest.php. The manipulation of the argument ID lea…
- CVE-2025-3309HIGHCVSS 7.3EG 7.32025-04-06
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/campsdetails.php. The manipulation of the argument hospital…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →