CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 60 of 102
- CVE-2025-47867HIGHCVSS 7.5EG 7.52025-06-17
A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
- CVE-2025-4787MEDIUMCVSS 6.3EG 6.32025-05-16
A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument ID leads to sql injec…
- CVE-2025-4793HIGHCVSS 7.3EG 7.32025-05-16
A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been classified as critical. Affected is an unknown function of the file /edit-student-profile.php. The manipulation of the argument cgpa leads to sql injection…
- CVE-2025-4794HIGHCVSS 7.3EG 7.32025-05-16
A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /news.php. The manipulation of the argument newstitle leads to…
- CVE-2025-47948HIGHCVSS 7.2EG 7.22025-05-17
Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by inject…
- CVE-2025-4795MEDIUMCVSS 4.7EG 4.72025-05-16
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is…
- CVE-2025-48056MEDIUMCVSS 5.3EG 5.32025-05-20
Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially lea…
- CVE-2025-4806MEDIUMCVSS 6.3EG 6.32025-05-16
A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation o…
- CVE-2025-4808MEDIUMCVSS 6.3EG 6.32025-05-16
A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0 and classified as critical. This issue affects some unknown processing of the file /add-normal-ticket.php. The manipulation of the argument noadult/nochildren/apr…
- CVE-2025-4811HIGHCVSS 7.3EG 7.32025-05-16
A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument User…
- CVE-2025-4812HIGHCVSS 7.3EG 7.32025-05-16
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobi…
- CVE-2025-4813HIGHCVSS 7.3EG 7.32025-05-16
A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumb…
- CVE-2025-4814HIGHCVSS 7.3EG 7.32025-05-17
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_add.php. The manipulation of the argument Name le…
- CVE-2025-4815HIGHCVSS 7.3EG 7.32025-05-17
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to s…
- CVE-2025-4816HIGHCVSS 7.3EG 7.32025-05-17
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of th…
- CVE-2025-4817HIGHCVSS 7.3EG 7.32025-05-17
A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The ma…
- CVE-2025-4818HIGHCVSS 7.3EG 7.32025-05-17
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipul…
- CVE-2025-4836HIGHCVSS 7.3EG 7.32025-05-17
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id le…
- CVE-2025-4837HIGHCVSS 7.3EG 7.32025-05-17
A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql inject…
- CVE-2025-4849MEDIUMCVSS 6.3EG 6.32025-05-18
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url lead…
- CVE-2025-4850MEDIUMCVSS 6.3EG 6.32025-05-18
A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injec…
- CVE-2025-4851MEDIUMCVSS 6.3EG 6.32025-05-18
A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command…
- CVE-2025-4861HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability classified as critical was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactn…
- CVE-2025-4863MEDIUMCVSS 6.3EG 6.32025-05-18
A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to sql injection.…
- CVE-2025-4864HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability has been found in itsourcecode Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/finished.php. The manipulation of the argument ID leads to sql injection…
- CVE-2025-4865HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/member_save.php. The manipulation of the argument last leads to sql inject…
- CVE-2025-4866MEDIUMCVSS 6.3EG 6.32025-05-18
A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack …
- CVE-2025-4869HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability classified as critical has been found in itsourcecode Restaurant Management System 1.0. This affects an unknown part of the file /admin/member_update.php. The manipulation of the argument menu leads to sql injection. It is …
- CVE-2025-4870HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability classified as critical was found in itsourcecode Restaurant Management System 1.0. This vulnerability affects unknown code of the file /admin/menu_save.php. The manipulation of the argument menu leads to sql injection. The …
- CVE-2025-4873HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Usern…
- CVE-2025-4874HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql inje…
- CVE-2025-4875HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. T…
- CVE-2025-4880HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql inj…
- CVE-2025-4881HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user_save.php. The manipulation of the argument username/name le…
- CVE-2025-4882HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_update.php. The manipulation of the argument team leads to sql injection. …
- CVE-2025-4884HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/assign_save.php. The manipulation of the argument team leads to sql in…
- CVE-2025-4885HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. It is…
- CVE-2025-4886HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial lead…
- CVE-2025-4895HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/delete-session.php. The manipulation of the argument ID leads…
- CVE-2025-4899HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_update.php. The manipulation of the argument ID leads to sql in…
- CVE-2025-4900HIGHCVSS 7.3EG 7.32025-05-18
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/payment.php. The manipulation of the argument cid leads to sql injection. It is possible …
- CVE-2025-4906HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible t…
- CVE-2025-4907HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to…
- CVE-2025-4908HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the argument fromdate/todate leads t…
- CVE-2025-4910HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/edit-animal-details.php. The manipulation of the argument aname leads …
- CVE-2025-4911HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql inject…
- CVE-2025-4913HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument Username leads to…
- CVE-2025-4914HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql inj…
- CVE-2025-4915HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/auto-taxi-entry-detail.php. The manipulation of the argument price …
- CVE-2025-4916HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber le…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →