CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 65 of 102
- CVE-2025-5782MEDIUMCVSS 6.3EG 6.32025-06-06
A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.php. The manipulation of the argument ne…
- CVE-2025-5783MEDIUMCVSS 6.3EG 6.32025-06-06
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injec…
- CVE-2025-5784HIGHCVSS 8.8EG 6.32025-06-06
A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection.…
- CVE-2025-58046CRITICALCVSS 9.8EG 9.82025-09-15
Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.datae…
- CVE-2025-5836MEDIUMCVSS 6.3EG 6.32025-06-07
A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list lead…
- CVE-2025-5837HIGHCVSS 8.8EG 6.32025-06-07
A vulnerability classified as critical has been found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file /admin/allemployees.php. The manipulation of the argument delid leads to sql injection. …
- CVE-2025-5838HIGHCVSS 8.8EG 6.32025-06-07
A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. Affected by this vulnerability is an unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminNam…
- CVE-2025-5856CRITICALCVSS 9.8EG 7.32025-06-09
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injec…
- CVE-2025-5857HIGHCVSS 8.8EG 6.32025-06-09
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulation of the argument itr_no leads to sql…
- CVE-2025-5858HIGHCVSS 8.8EG 6.32025-06-09
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient-report.php. The manipulation of the argument searchdata leads to sq…
- CVE-2025-5859HIGHCVSS 8.8EG 6.32025-06-09
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /test-details.php. The manipulation of the argument…
- CVE-2025-5860CRITICALCVSS 9.8EG 7.32025-06-09
A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to …
- CVE-2025-5881CRITICALCVSS 9.8EG 6.32025-06-09
A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirm_password.php. The manipulation of the argument cid leads to sql injection. Th…
- CVE-2025-5913CRITICALCVSS 9.8EG 7.32025-06-10
A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata…
- CVE-2025-5971MEDIUMCVSS 6.3EG 6.32025-06-10
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been classified as critical. This affects an unknown part of the file /ajx.php. The manipulation of the argument name_startsWith leads to sql injection. It i…
- CVE-2025-5977HIGHCVSS 7.3EG 7.32025-06-10
A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /datatable.php. The manipulation of the argument sSortDir_0 leads to sql injection…
- CVE-2025-5979HIGHCVSS 7.3EG 7.32025-06-10
A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument ID leads to sql injection. It is possible to init…
- CVE-2025-5980HIGHCVSS 7.3EG 7.32025-06-10
A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of the argument tabidNoti leads to sql injection. The attack ca…
- CVE-2025-6005HIGHCVSS 7.2EG 4.72025-06-12
A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/inf…
- CVE-2025-6006HIGHCVSS 7.2EG 4.72025-06-12
A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads…
- CVE-2025-6007HIGHCVSS 7.2EG 4.72025-06-12
A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is p…
- CVE-2025-6008HIGHCVSS 7.2EG 4.72025-06-12
A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl l…
- CVE-2025-6009HIGHCVSS 7.2EG 4.72025-06-12
A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The …
- CVE-2025-6094HIGHCVSS 8.8EG 6.32025-06-15
A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql inj…
- CVE-2025-6095CRITICALCVSS 9.8EG 7.32025-06-15
A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. I…
- CVE-2025-6096HIGHCVSS 8.8EG 6.32025-06-16
A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Search leads t…
- CVE-2025-6100MEDIUMCVSS 6.3EG 6.32025-06-16
A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack ma…
- CVE-2025-6116CRITICALCVSS 9.8EG 7.32025-06-16
A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file /IntraFieldVehicle/Search of the component API. The manipulation of the ar…
- CVE-2025-6117CRITICALCVSS 9.8EG 7.32025-06-16
A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /Reservations/Search of the component API. The manipulation of th…
- CVE-2025-6118CRITICALCVSS 9.8EG 7.32025-06-16
A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as critical. This issue affects some unknown processing of the file /vehicle/search of the component API. The manipulation of the arg…
- CVE-2025-6122HIGHCVSS 8.8EG 6.32025-06-16
A vulnerability, which was classified as critical, was found in code-projects Restaurant Order System 1.0. This affects an unknown part of the file /table.php. The manipulation of the argument ID leads to sql injection. It is possible to i…
- CVE-2025-6123CRITICALCVSS 9.8EG 7.32025-06-16
A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. Th…
- CVE-2025-6124CRITICALCVSS 9.8EG 7.32025-06-16
A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tablelow.php. The manipulation of the argument ID leads to sql injection. The attack…
- CVE-2025-6132CRITICALCVSS 9.8EG 7.32025-06-16
A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql i…
- CVE-2025-6133CRITICALCVSS 9.8EG 6.32025-06-16
A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads …
- CVE-2025-6134CRITICALCVSS 9.8EG 6.32025-06-16
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument client_id leads to sql inject…
- CVE-2025-6135CRITICALCVSS 9.8EG 6.32025-06-16
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /insertNominee.php. The manipulation of the argument client_id/nominee_i…
- CVE-2025-6136CRITICALCVSS 9.8EG 6.32025-06-16
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument recipt_no leads to …
- CVE-2025-6153CRITICALCVSS 9.8EG 7.32025-06-17
A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injecti…
- CVE-2025-6154CRITICALCVSS 9.8EG 7.32025-06-17
A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql …
- CVE-2025-6155CRITICALCVSS 9.8EG 7.32025-06-17
A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql inject…
- CVE-2025-6156HIGHCVSS 8.8EG 6.32025-06-17
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-ds.php. The manipulation of the arg…
- CVE-2025-6157CRITICALCVSS 9.8EG 7.32025-06-17
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argume…
- CVE-2025-6159CRITICALCVSS 9.8EG 7.32025-06-17
A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of the argument search_box leads to sql injection. The…
- CVE-2025-6160CRITICALCVSS 9.8EG 7.32025-06-17
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argu…
- CVE-2025-6173HIGHCVSS 7.2EG 4.72025-06-17
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql inject…
- CVE-2025-61773HIGHCVSS 8.1EG 8.12025-10-09
pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint.…
- CVE-2025-6267CRITICALCVSS 9.8EG 6.32025-06-19
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/b…
- CVE-2025-62697HIGHCVSS 8.8EG 8.82025-10-20
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki - Langua…
- CVE-2025-6276CRITICALCVSS 9.8EG 6.32025-06-19
A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →