CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 66 of 102
- CVE-2025-6277CRITICALCVSS 9.8EG 6.32025-06-19
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName lea…
- CVE-2025-6293CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /contact_manager.php. The manipulation of the argument student_roll_no leads to sql …
- CVE-2025-6294CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact.php. The manipulation of the argument hostel_name leads to sql injection. It …
- CVE-2025-6295CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /allocated_rooms.php. The manipulation of the argument search…
- CVE-2025-6296CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Hostel Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /empty_rooms.php. The manipulation of the argument search_box leads to…
- CVE-2025-6300CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. This vulnerability affects unknown code of the file /admin/editempeducation.php. The manipulation of the argument yopgra leads to sql inj…
- CVE-2025-6303CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus1.php. The manipulation of the argument Message leads to sql…
- CVE-2025-6304CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /cart.php. The manipulation of the argument qty[] leads to sql injection. The att…
- CVE-2025-6305CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_feature.php. The manipulation of the argument product_code leads to sql injection. …
- CVE-2025-6306CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin_index.php. The manipulation of the argument Username leads to sql injectio…
- CVE-2025-6307CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /function/edit_customer.php. The manipulation of the argument firstname leads to sql in…
- CVE-2025-6308HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the argument fromdate/tod…
- CVE-2025-6309HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregn…
- CVE-2025-6310CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message le…
- CVE-2025-6311CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/account_add.php. The manipulation of the argument id/amount leads to sql injection. I…
- CVE-2025-6312CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/cash_transaction.php. The manipulation of the argument cid leads to sql injec…
- CVE-2025-6313CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/cat_add.php. The manipulation of the argument Category leads to sql injection. …
- CVE-2025-6314CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/cat_update.php. The manipulation of the argument ID leads to sql injection. It is…
- CVE-2025-6315CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cart2.php. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-6316CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. The manipulation of the argument qty leads to sql i…
- CVE-2025-6317CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. It is possible to initia…
- CVE-2025-6318CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. This vulnerability affects unknown code of the file /admin/check_availability.php. The manipulation of the argument Username leads to sql inje…
- CVE-2025-6319HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. This issue affects some unknown processing of the file /admin/add-teacher.php. The manipulation of the argument tsubject lead…
- CVE-2025-6320HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injectio…
- CVE-2025-6321HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument sadm…
- CVE-2025-6322CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visit.php. The manipulation of the argument gname leads to sql injection…
- CVE-2025-6323CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /enrollment.php. The manipulation of the argument fathername leads to sql injection. It …
- CVE-2025-6330CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability classified as critical has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /searchdata.php. The manipulation of the argument searchdata leads to sql injection. It is pos…
- CVE-2025-6331HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability classified as critical was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-directory.php. The manipulation of the argument searchdata…
- CVE-2025-6332HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability, which was classified as critical, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /admin/manage-directory.php. The manipulation of the argument…
- CVE-2025-6333HIGHCVSS 8.8EG 6.32025-06-20
A vulnerability, which was classified as critical, was found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injectio…
- CVE-2025-6335HIGHCVSS 7.2EG 4.72025-06-20
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads …
- CVE-2025-6339CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql in…
- CVE-2025-6342CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql i…
- CVE-2025-6343CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_product.php. The manipulation of the argument pid leads to sql injection. It is p…
- CVE-2025-6344CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus.php. The manipulation of the argument email leads to sql in…
- CVE-2025-6346CRITICALCVSS 9.8EG 6.32025-06-20
A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql inj…
- CVE-2025-6351CRITICALCVSS 9.8EG 6.32025-06-20
A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql…
- CVE-2025-6354CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/customer_signup.php. The manipulation of the argument emai…
- CVE-2025-6355CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability has been found in SourceCodester Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execeditroom.php. The manipulation of the argument userid leads to …
- CVE-2025-6356CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /addmem.php. The manipulation leads to sql injection. The attack may be initiate…
- CVE-2025-6357CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /paymentportal.php. The manipulation of the argument person leads to sql injection…
- CVE-2025-6358CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saveorder.php. The manipulation of the argument ID leads…
- CVE-2025-6359CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cashconfirm.php. The manipulation of the argument transactioncode…
- CVE-2025-6360CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /portal.php. The manipulation of the argument ID leads to sql injection. It is possible to in…
- CVE-2025-6361CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument userid leads to sql injection. The attack c…
- CVE-2025-6362CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulation of the argument ID leads to sql inje…
- CVE-2025-6363CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. …
- CVE-2025-6364CRITICALCVSS 9.8EG 7.32025-06-20
A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. The manipulation of the argument Usernam…
- CVE-2025-6394CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_reserve.php. The manipulation of the argum…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →