CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 56 of 102
- CVE-2025-4024HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /add_drive.php. The manipulation of the argument drive_title leads to sql injection. It is p…
- CVE-2025-4025HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql …
- CVE-2025-4026HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument adminname/mobi…
- CVE-2025-4027HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/rules.php. The manipulation of the argument pagetitle leads to sql injection.…
- CVE-2025-4028HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumb…
- CVE-2025-4030HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. This affects an unknown part of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql…
- CVE-2025-4031HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql inj…
- CVE-2025-4033HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. Affected is an unknown function of the file /patient-search-report.php. The manipulation of the argument searchdata leads to sql…
- CVE-2025-4034HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads t…
- CVE-2025-4039HIGHCVSS 7.3EG 7.32025-04-28
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata le…
- CVE-2025-4058HIGHCVSS 7.3EG 7.32025-04-29
A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection…
- CVE-2025-4060HIGHCVSS 7.3EG 7.32025-04-29
A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation of the argument catname leads to sql injection.…
- CVE-2025-4070HIGHCVSS 7.3EG 7.32025-04-29
A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It…
- CVE-2025-4071HIGHCVSS 7.3EG 7.32025-04-29
A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /test-details.php. The manipulation of the argument Status leads to sql inje…
- CVE-2025-40710LOWCVSS 2.3EG 2.32025-06-30
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerabi…
- CVE-2025-4072MEDIUMCVSS 6.3EG 6.32025-04-29
A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The attack may be ini…
- CVE-2025-4073HIGHCVSS 7.3EG 7.32025-04-29
A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injecti…
- CVE-2025-4074HIGHCVSS 7.3EG 7.32025-04-29
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the a…
- CVE-2025-4076MEDIUMCVSS 6.3EG 6.32025-04-29
A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the ar…
- CVE-2025-4080MEDIUMCVSS 6.3EG 6.32025-04-29
A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid…
- CVE-2025-4108HIGHCVSS 7.3EG 7.32025-04-30
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possib…
- CVE-2025-41083MEDIUMCVSS 5.1EG 5.12026-01-26
Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification of the base URL to trick …
- CVE-2025-4109MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mob…
- CVE-2025-4110MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber le…
- CVE-2025-4111MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to sql injecti…
- CVE-2025-4112HIGHCVSS 7.3EG 7.32025-04-30
A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection…
- CVE-2025-4113MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads t…
- CVE-2025-4121MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be la…
- CVE-2025-4122MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remote…
- CVE-2025-4135MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched re…
- CVE-2025-4151HIGHCVSS 7.3EG 7.32025-05-01
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fr…
- CVE-2025-4152HIGHCVSS 7.3EG 7.32025-05-01
A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Affected is an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql…
- CVE-2025-4153HIGHCVSS 7.3EG 7.32025-05-01
A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to s…
- CVE-2025-4154MEDIUMCVSS 6.3EG 6.32025-05-01
A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this issue is some unknown functionality of the file /admin/enrollment-details.php. The manipulation of the argum…
- CVE-2025-4155MEDIUMCVSS 6.3EG 6.32025-05-01
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the argument bid leads to sql injection. It is possible …
- CVE-2025-4156MEDIUMCVSS 6.3EG 6.32025-05-01
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-image.php. The manipulation of the argument ID leads to sql injection. The a…
- CVE-2025-4157MEDIUMCVSS 6.3EG 6.32025-05-01
A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-details.php. The manipulation of the argument Status leads to sql injection. …
- CVE-2025-4163MEDIUMCVSS 6.3EG 6.32025-05-01
A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql inje…
- CVE-2025-4164HIGHCVSS 7.3EG 7.32025-05-01
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql…
- CVE-2025-4173MEDIUMCVSS 6.3EG 6.32025-05-01
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID …
- CVE-2025-4174HIGHCVSS 7.3EG 7.32025-05-01
A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username l…
- CVE-2025-4176HIGHCVSS 7.3EG 7.32025-05-01
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation of the argument sea…
- CVE-2025-4191HIGHCVSS 7.3EG 7.32025-05-02
A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument co…
- CVE-2025-4192HIGHCVSS 7.3EG 7.32025-05-02
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_save.php. The manipulation of the argument Category leads to sql injec…
- CVE-2025-4193HIGHCVSS 7.3EG 7.32025-05-02
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/category_update.php. The manipulation of the argument Category l…
- CVE-2025-4195HIGHCVSS 7.3EG 7.32025-05-02
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /ajax.php?action=save_member. The manipulation of the argument umember_id leads to s…
- CVE-2025-4196MEDIUMCVSS 6.3EG 6.32025-05-02
A vulnerability was found in SourceCodester Patient Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /birthing.php. The manipulation of the argument comp_id leads to sql in…
- CVE-2025-4197MEDIUMCVSS 6.3EG 6.32025-05-02
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_xpatient.php. The manipulation of the argument lastname leads to sql injection. …
- CVE-2025-4213HIGHCVSS 7.3EG 7.32025-05-02
A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to sql in…
- CVE-2025-4214HIGHCVSS 7.3EG 7.32025-05-02
A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument …
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →