CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,095 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 58 of 102
- CVE-2025-4453MEDIUMCVSS 6.3EG 6.32025-05-09
A vulnerability was found in D-Link DIR-619L 2.04B04. It has been classified as critical. This affects the function formSysCmd. The manipulation of the argument sysCmd leads to command injection. It is possible to initiate the attack remot…
- CVE-2025-4454MEDIUMCVSS 6.3EG 6.32025-05-09
A vulnerability was found in D-Link DIR-619L 2.04B04. It has been declared as critical. This vulnerability affects the function wake_on_lan. The manipulation of the argument mac leads to command injection. The attack can be initiated remot…
- CVE-2025-4456HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launc…
- CVE-2025-4457HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injectio…
- CVE-2025-4458MEDIUMCVSS 6.3EG 6.32025-05-09
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_upatient.php. The manipulation of the argument …
- CVE-2025-4459MEDIUMCVSS 6.3EG 6.32025-05-09
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file fecalysis_form.php. The manipulation of the argument itr_no le…
- CVE-2025-4463HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_package. The manipulation of the argument ID leads to sql injection. …
- CVE-2025-4464HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument plan l…
- CVE-2025-4465HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id lea…
- CVE-2025-4466HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. The manipulation of the argument registration_id leads to sql …
- CVE-2025-4467HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument id/txtfullname/t…
- CVE-2025-4481HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-result.php. The manipulation of the argument searchdata lead…
- CVE-2025-4482HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0. Affected by this vulnerability is an unknown functionality of the file /change_pass/forgot_password_sql.php. The manipulation of the …
- CVE-2025-4483HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_pdetails.php. The manipulation of the argument ID leads to …
- CVE-2025-4484HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_user. The manipulation of the argument ID leads to sql injection. It i…
- CVE-2025-4485HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=delete_trainer. The manipulation of the argument ID leads to sql inje…
- CVE-2025-4486HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_plan. The manipulation of the argument ID leads to sql injection…
- CVE-2025-4487HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection…
- CVE-2025-4488HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_package. The manipulation of the argument…
- CVE-2025-4489HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1_verified …
- CVE-2025-4490HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. It is possible…
- CVE-2025-4491HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injectio…
- CVE-2025-4492HIGHCVSS 7.3EG 7.32025-05-09
A vulnerability, which was classified as critical, has been found in Campcodes Online Food Ordering System 1.0. This issue affects some unknown processing of the file /routers/ticket-message.php. The manipulation of the argument ticket_id …
- CVE-2025-4502HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. The manipulation leads to sql injection. The attack can be …
- CVE-2025-4503HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of the argument ID leads to sql injection…
- CVE-2025-4504HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability was found in SourceCodester Online College Library System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument Category leads to sql injection. It…
- CVE-2025-4505HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /category.php. The manipulation of the argument cate…
- CVE-2025-4506HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/menu-router.php. The manipulation of the argument 1_price lead…
- CVE-2025-4507HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possib…
- CVE-2025-4508HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /my-profile.php. The manipulation of the argument fname leads to sql injection. The attack ca…
- CVE-2025-4509HIGHCVSS 7.3EG 7.32025-05-10
A vulnerability, which was classified as critical, has been found in PHPGurukul e-Diary Management System 1.0. This issue affects some unknown processing of the file /manage-notes.php. The manipulation of the argument ID leads to sql injec…
- CVE-2025-4510MEDIUMCVSS 6.3EG 6.32025-05-10
A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the argument gblOrgID leads to sql injection. The att…
- CVE-2025-4514MEDIUMCVSS 6.3EG 6.32025-05-10
A vulnerability, which was classified as critical, has been found in Zhengzhou Jiuhua Electronic Technology mayicms up to 5.8E. Affected by this issue is some unknown functionality of the file /javascript.php. The manipulation of the argum…
- CVE-2025-4531MEDIUMCVSS 6.3EG 6.32025-05-11
A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPa…
- CVE-2025-4541MEDIUMCVSS 6.3EG 6.32025-05-11
A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql inje…
- CVE-2025-4543HIGHCVSS 7.3EG 7.32025-05-11
A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_link.php. The manipulation of the argument sort leads to sql injection. It is poss…
- CVE-2025-4546MEDIUMCVSS 4.7EG 4.72025-05-11
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The a…
- CVE-2025-4548HIGHCVSS 7.3EG 7.32025-05-11
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to sql injection. It is possi…
- CVE-2025-4549HIGHCVSS 7.3EG 7.32025-05-11
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/register-router.php. The manipulation of the argument Name leads to sql injection. …
- CVE-2025-4550HIGHCVSS 7.3EG 7.32025-05-11
A vulnerability, which was classified as critical, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown processing of the file /admin/pass-details.php. The manipulation of the argument pid …
- CVE-2025-4553HIGHCVSS 7.3EG 7.32025-05-12
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argum…
- CVE-2025-4554HIGHCVSS 7.3EG 7.32025-05-12
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-passreports-details.php. The manipulation of the argument fromdat…
- CVE-2025-46786MEDIUMCVSS 4.3EG 4.32025-05-14
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
- CVE-2025-46814LOWCVSS 3.4EG 3.42025-05-06
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating …
- CVE-2025-4695MEDIUMCVSS 6.3EG 6.32025-05-15
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injectio…
- CVE-2025-4696MEDIUMCVSS 6.3EG 6.32025-05-15
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument sear…
- CVE-2025-4697HIGHCVSS 7.3EG 7.32025-05-15
A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid lea…
- CVE-2025-4698HIGHCVSS 7.3EG 7.32025-05-15
A vulnerability classified as critical has been found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/forget-password.php. The manipulation of the argument email leads to sql injection. It is …
- CVE-2025-4699HIGHCVSS 7.3EG 7.32025-05-15
A vulnerability classified as critical was found in PHPGurukul Apartment Visitors Management System 1.0. This vulnerability affects unknown code of the file /admin/visitors-form.php. The manipulation of the argument Category leads to sql i…
- CVE-2025-4702HIGHCVSS 7.3EG 7.32025-05-15
A vulnerability, which was classified as critical, was found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/add-category.php. The manipulation of the argument catename leads to sql …
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →