CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 67 of 102
- CVE-2025-6403CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The …
- CVE-2025-6404CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injecti…
- CVE-2025-6405CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability classified as critical was found in Campcodes Online Teacher Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-teacher-detail.php. The manipulation of the argum…
- CVE-2025-6406CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/forgot-password.php. The manipulation of the argume…
- CVE-2025-6407CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /user-login.php. The manipulation of the argument Username leads to sql injection. It…
- CVE-2025-6408CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql …
- CVE-2025-6409CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql in…
- CVE-2025-64099HIGHCVSS 8.1EG 8.12025-11-12
Open Access Management (OpenAM) is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the v…
- CVE-2025-6410HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been classified as critical. Affected is an unknown function of the file /admin/edit-art-medium-detail.php. The manipulation of the argument editid leads to …
- CVE-2025-6411HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/changepropic.php. The manipulation of the argument i…
- CVE-2025-6412HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid lead…
- CVE-2025-6413HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability classified as critical has been found in PHPGurukul Art Gallery Management System 1.1. This affects an unknown part of the file /admin/changeimage1.php. The manipulation of the argument editid leads to sql injection. It is …
- CVE-2025-6414HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability classified as critical was found in PHPGurukul Art Gallery Management System 1.1. This vulnerability affects unknown code of the file /admin/changeimage2.php. The manipulation of the argument editid leads to sql injection. …
- CVE-2025-6415HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.1. This issue affects some unknown processing of the file /admin/changeimage3.php. The manipulation of the argument editid lead…
- CVE-2025-6416HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.1. Affected is an unknown function of the file /admin/changeimage4.php. The manipulation of the argument editid leads to sql injecti…
- CVE-2025-6417HIGHCVSS 8.8EG 6.32025-06-21
A vulnerability has been found in PHPGurukul Art Gallery Management System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-artist.php. The manipulation of the argument award…
- CVE-2025-6418CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit_query_account.php. The manipulation of the argum…
- CVE-2025-6419CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument room_type leads to s…
- CVE-2025-6420CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add_room.php. The manipulation of the argument room_type le…
- CVE-2025-6421CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/add_account.php. The manipulation of the argument name/admi…
- CVE-2025-64428CRITICALCVSS 9.8EG 9.82025-11-20
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbana…
- CVE-2025-6446CRITICALCVSS 9.8EG 7.32025-06-21
A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /clientdetails/admin/index.php. The manipulation of the argument Username …
- CVE-2025-6447CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql …
- CVE-2025-6448CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_room.php. The manipulation of the a…
- CVE-2025-6449CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/checkout_query.php. The manipulation of the argument …
- CVE-2025-6450CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/confirm_reserve.php. The manipulation of the argument transaction_id…
- CVE-2025-6451CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_pending.php. The manipulation of the argument transa…
- CVE-2025-6455CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability classified as critical was found in code-projects Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /messageexec.php. The manipulation of the argument Name leads to …
- CVE-2025-6456CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability, which was classified as critical, has been found in code-projects Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reservation/order.php. The manipulation of the argume…
- CVE-2025-6457CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability, which was classified as critical, was found in code-projects Online Hotel Reservation System 1.0. This affects an unknown part of the file /reservation/demo.php. The manipulation of the argument Start leads to sql injectio…
- CVE-2025-6458CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability has been found in code-projects Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execedituser.php. The manipulation of the argument userid leads to s…
- CVE-2025-6467CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability was found in code-projects Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument User leads to sql injection. It is possible to …
- CVE-2025-6468CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability was found in code-projects Online Bidding System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bidnow.php. The manipulation of the argument ID leads to sql injection. The attack…
- CVE-2025-6469CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability was found in code-projects Online Bidding System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument ID leads to sql injection. The attac…
- CVE-2025-6470CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability classified as critical has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /bidlog.php. The manipulation of the argument ID leads to sql injection. It is possible to launch…
- CVE-2025-6471CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability classified as critical was found in code-projects Online Bidding System 1.0. Affected by this vulnerability is an unknown functionality of the file /administrator. The manipulation of the argument aduser leads to sql inject…
- CVE-2025-6472CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability, which was classified as critical, has been found in code-projects Online Bidding System 1.0. Affected by this issue is some unknown functionality of the file /showprod.php. The manipulation of the argument ID leads to sql …
- CVE-2025-6474CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeUsername.php. The manipulation of the argument user_id leads to sql inje…
- CVE-2025-64741CRITICALCVSS 9.8EG 8.12025-11-13
Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
- CVE-2025-6479CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /salesreport.php. The manipulation of the argument dayfrom leads to sql injection. It is poss…
- CVE-2025-6480CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /addcatexec.php. The manipulation of the argument textfield leads to sql injection. The…
- CVE-2025-6481CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /update.php. The manipulation of the argument ID leads to sql injec…
- CVE-2025-6482CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /edituser-exec.php. The manipulation of the argument userid leads to sql injection.…
- CVE-2025-6483CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edituser.php. The manipulation of the argument ID leads to…
- CVE-2025-6484HIGHCVSS 7.2EG 4.72025-06-22
A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument cat_id/brand_id/keyword/proId/p…
- CVE-2025-6489CRITICALCVSS 9.8EG 7.32025-06-22
A vulnerability has been found in itsourcecode Agri-Trading Online Shopping System 1.0 and classified as critical. This vulnerability affects unknown code of the file /transactionsave.php. The manipulation of the argument del leads to sql …
- CVE-2025-6500CRITICALCVSS 9.8EG 7.32025-06-23
A vulnerability, which was classified as critical, has been found in code-projects Inventory Management System 1.0. Affected by this issue is some unknown functionality of the file /php_action/editCategories.php. The manipulation of the ar…
- CVE-2025-6501CRITICALCVSS 9.8EG 7.32025-06-23
A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /php_action/createCategories.php. The manipulation of the argument categoriesStatus lea…
- CVE-2025-6502CRITICALCVSS 9.8EG 7.32025-06-23
A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php_action/changePassword.php. The manipulation of the argument user_id leads …
- CVE-2025-6503CRITICALCVSS 9.8EG 7.32025-06-23
A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/fetchSelectedCategories.php. The manipulation of the argument categor…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →