CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 61 of 102
- CVE-2025-4917HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Affected is an unknown function of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument drivername leads …
- CVE-2025-4924HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /user_void_transaction.php. The manipulation of the argument order_id leads t…
- CVE-2025-4925HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of t…
- CVE-2025-4927HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fro…
- CVE-2025-4928HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /save_lawyer_edit_profile.php. The manipulation leads to sql injection. T…
- CVE-2025-4929HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The att…
- CVE-2025-4930HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The manipulation of the argument billingaddress leads to sql injection. It is possible…
- CVE-2025-4931HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /user_registation.php. The manipulation of the argument email lea…
- CVE-2025-4932HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argum…
- CVE-2025-4933MEDIUMCVSS 6.3EG 6.32025-05-19
A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-panel.php. The manipulation of the argument ID leads to sql injection. It is possi…
- CVE-2025-4934HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Conta…
- CVE-2025-4935HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sq…
- CVE-2025-4936HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. I…
- CVE-2025-4937HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mo…
- CVE-2025-4938MEDIUMCVSS 6.3EG 6.32025-05-19
A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registererms.php. The manipulation of the argument Email leads …
- CVE-2025-4940HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch lea…
- CVE-2025-4941HIGHCVSS 7.3EG 7.32025-05-19
A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql …
- CVE-2025-4999MEDIUMCVSS 6.3EG 6.32025-05-20
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. T…
- CVE-2025-5000CRITICALCVSS 9.8EG 6.32025-05-20
A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler.…
- CVE-2025-5002CRITICALCVSS 9.8EG 7.32025-05-20
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads…
- CVE-2025-5003CRITICALCVSS 9.8EG 7.32025-05-20
A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection.…
- CVE-2025-5004CRITICALCVSS 9.8EG 7.32025-05-20
A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql in…
- CVE-2025-5006CRITICALCVSS 9.8EG 7.32025-05-20
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/category.php. The manipulation of the argument Category leads to sql injection. It is…
- CVE-2025-5008CRITICALCVSS 9.8EG 7.32025-05-20
A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to…
- CVE-2025-5032CRITICALCVSS 9.8EG 7.32025-05-21
A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is po…
- CVE-2025-5056CRITICALCVSS 9.8EG 7.32025-05-21
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-products.php. The manipulation of the argument Category…
- CVE-2025-5057CRITICALCVSS 9.8EG 7.32025-05-21
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/insert-product.php. The manipulation of the argument Category leads t…
- CVE-2025-50578CRITICALCVSS 9.8EG 9.82025-07-30
LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically `X-Forwarded-Host` and `Referer`. An unauthenticated remote attacker can manipulate these headers to perform Host Heade…
- CVE-2025-5077CRITICALCVSS 9.8EG 7.32025-05-22
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. …
- CVE-2025-5078CRITICALCVSS 9.8EG 7.32025-05-22
A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is p…
- CVE-2025-5079CRITICALCVSS 9.8EG 7.32025-05-22
A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injectio…
- CVE-2025-5081CRITICALCVSS 9.8EG 7.32025-05-22
A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to…
- CVE-2025-5107CRITICALCVSS 9.8EG 6.32025-05-23
A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to sql injection. The atta…
- CVE-2025-5119CRITICALCVSS 9.8EG 7.32025-05-23
A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The att…
- CVE-2025-5126HIGHCVSS 8.8EG 8.82025-05-24
A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/min…
- CVE-2025-5128CRITICALCVSS 9.8EG 7.32025-05-24
A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Passwor…
- CVE-2025-5137HIGHCVSS 7.2EG 4.72025-05-25
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argu…
- CVE-2025-5139HIGHCVSS 8.1EG 7.32025-05-25
A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type…
- CVE-2025-5145MEDIUMCVSS 6.3EG 6.32025-05-25
A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Quer…
- CVE-2025-5146MEDIUMCVSS 6.3EG 6.32025-05-25
A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the c…
- CVE-2025-5147MEDIUMCVSS 6.3EG 6.32025-05-25
A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to co…
- CVE-2025-5151HIGHCVSS 7.8EG 5.32025-05-25
A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code …
- CVE-2025-5152HIGHCVSS 7.5EG 6.32025-05-25
A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID …
- CVE-2025-5155HIGHCVSS 8.8EG 6.32025-05-25
A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability is the function batchCope of the file app/admin/controller/Article.php. The manipulation of the argument ids leads to sql inj…
- CVE-2025-5170CRITICALCVSS 9.8EG 6.32025-05-26
A vulnerability classified as critical was found in llisoft MTA Maita Training System 4.5. This vulnerability affects the function AdminShitiListRequestVo of the file com\llisoft\controller\admin\shiti\AdminShitiController.java. The manipu…
- CVE-2025-5172CRITICALCVSS 9.8EG 7.32025-05-26
A vulnerability, which was classified as critical, was found in Econtrata up to 20250516. Affected is an unknown function of the file /valida. The manipulation of the argument usuario leads to sql injection. It is possible to launch the at…
- CVE-2025-5176CRITICALCVSS 9.1EG 7.32025-05-26
A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been declared as critical. This vulnerability affects unknown code of the file /adm/index.php of the component Admin Login Page. The manipulation of t…
- CVE-2025-5205CRITICALCVSS 9.8EG 7.32025-05-26
A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown function of the file /dcwr_entry.php. The manipulation of the argument Date leads to sql injection. It …
- CVE-2025-5206CRITICALCVSS 9.8EG 4.72025-05-26
A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description …
- CVE-2025-5207CRITICALCVSS 9.8EG 4.72025-05-26
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →