CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 55 of 102
- CVE-2025-3559MEDIUMCVSS 6.3EG 6.32025-04-14
A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. This vulnerability affects the function ForeProductListController of the file /mall/product/0/20. The manipulation of the argument orderBy leads to s…
- CVE-2025-3563MEDIUMCVSS 4.7EG 4.72025-04-14
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation…
- CVE-2025-3571MEDIUMCVSS 6.3EG 6.32025-04-14
A vulnerability was found in Fannuo Enterprise Content Management System 凡诺企业网站管理系统 1.1/4.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/cms_chip.php. The manipulation of …
- CVE-2025-3589MEDIUMCVSS 6.3EG 6.32025-04-14
A vulnerability, which was classified as critical, was found in SourceCodester Music Class Enrollment System 1.0. Affected is an unknown function of the file /manage_class.php. The manipulation of the argument ID leads to sql injection. It…
- CVE-2025-3676MEDIUMCVSS 6.3EG 6.32025-04-16
A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate t…
- CVE-2025-3684MEDIUMCVSS 6.3EG 6.32025-04-16
A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation o…
- CVE-2025-3685MEDIUMCVSS 6.3EG 6.32025-04-16
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_fpatient.php. The manipulation of the argument ID leads to sql injection. It is …
- CVE-2025-3689HIGHCVSS 7.3EG 7.32025-04-16
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid leads t…
- CVE-2025-3690HIGHCVSS 7.3EG 7.32025-04-16
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injecti…
- CVE-2025-3694HIGHCVSS 7.3EG 7.32025-04-16
A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument login_email leads to sq…
- CVE-2025-3696MEDIUMCVSS 6.3EG 6.32025-04-16
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /search/search_stock. php. The manipulation of the argument Name leads…
- CVE-2025-3697MEDIUMCVSS 6.3EG 6.32025-04-16
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-product.php. The manipulation of the argumen…
- CVE-2025-3792MEDIUMCVSS 4.7EG 4.72025-04-18
A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The…
- CVE-2025-3796MEDIUMCVSS 6.3EG 6.32025-04-18
A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing …
- CVE-2025-3797MEDIUMCVSS 4.7EG 4.72025-04-19
A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be init…
- CVE-2025-3799HIGHCVSS 7.3EG 7.32025-04-19
A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is pos…
- CVE-2025-3800HIGHCVSS 7.3EG 7.32025-04-19
A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sq…
- CVE-2025-3804MEDIUMCVSS 5.3EG 5.32025-04-19
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a…
- CVE-2025-3805MEDIUMCVSS 5.3EG 5.32025-04-19
A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Templat…
- CVE-2025-3817MEDIUMCVSS 6.3EG 6.32025-04-19
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation of the argument I…
- CVE-2025-3818MEDIUMCVSS 6.3EG 6.32025-04-19
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is poss…
- CVE-2025-3819HIGHCVSS 7.3EG 7.32025-04-19
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument…
- CVE-2025-3827HIGHCVSS 7.3EG 7.32025-04-20
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql in…
- CVE-2025-3828HIGHCVSS 7.3EG 7.32025-04-20
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads…
- CVE-2025-3829HIGHCVSS 7.3EG 7.32025-04-20
A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate lead…
- CVE-2025-3842MEDIUMCVSS 6.3EG 6.32025-04-21
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code i…
- CVE-2025-3846HIGHCVSS 7.3EG 7.32025-04-21
A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the…
- CVE-2025-3847HIGHCVSS 7.3EG 7.32025-04-21
A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads …
- CVE-2025-3856MEDIUMCVSS 6.3EG 6.32025-04-22
A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible …
- CVE-2025-3955MEDIUMCVSS 6.3EG 6.32025-04-27
A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. This affects an unknown part of the file /edit_rpatient.php.php. The manipulation of the argument id/lastname leads to sql i…
- CVE-2025-3956MEDIUMCVSS 6.3EG 6.32025-04-27
A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMappe…
- CVE-2025-3957MEDIUMCVSS 6.3EG 6.32025-04-27
A vulnerability was found in opplus springboot-admin 1.0 and classified as critical. This issue affects some unknown processing of the file \src\main\resources\mapper\sys\SysLogDao.xml. The manipulation of the argument order leads to sql i…
- CVE-2025-3968MEDIUMCVSS 6.3EG 6.32025-04-27
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /api.php. The manipulation of the argument cat_id leads to sql injection. T…
- CVE-2025-3971HIGHCVSS 7.3EG 7.32025-04-27
A vulnerability classified as critical was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-phlebotomist.php. The manipulation of the argument empid lead…
- CVE-2025-3972HIGHCVSS 7.3EG 7.32025-04-27
A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /bwdates-report-result.php. The manipulation of the arg…
- CVE-2025-3973HIGHCVSS 7.3EG 7.32025-04-27
A vulnerability, which was classified as critical, was found in PHPGurukul COVID19 Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument mobnumber leads to sql inj…
- CVE-2025-3974HIGHCVSS 7.3EG 7.32025-04-27
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-phlebotomist.php?pid=11. The manipulation of the argument mobilenumber…
- CVE-2025-3976HIGHCVSS 7.3EG 7.32025-04-27
A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /new-user-testing.php. The manipulation of the argument mobilenumber leads to sq…
- CVE-2025-3983MEDIUMCVSS 4.7EG 4.72025-04-27
A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument …
- CVE-2025-3984MEDIUMCVSS 5.0EG 5.02025-04-27
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\Reg…
- CVE-2025-3987MEDIUMCVSS 6.3EG 6.32025-04-27
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The …
- CVE-2025-3998HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can …
- CVE-2025-4004HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /password-recovery.php. The manipulation of the argument username/contactn…
- CVE-2025-4005HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /patient-report.php. The manipulation of the argument searchdata leads to …
- CVE-2025-4013HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injectio…
- CVE-2025-4014HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-art-medium.php. The manipulation of the argum…
- CVE-2025-4020HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to sql injec…
- CVE-2025-4021MEDIUMCVSS 6.3EG 6.32025-04-28
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to sql injection. I…
- CVE-2025-4022MEDIUMCVSS 6.3EG 6.32025-04-28
A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the ar…
- CVE-2025-4023HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation of the argument Name leads to sql injection…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →