CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 69 of 102
- CVE-2025-6846HIGHCVSS 7.3EG 7.32025-06-29
A vulnerability classified as critical has been found in code-projects Simple Forum 1.0. This affects an unknown part of the file /forum_viewfile.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate…
- CVE-2025-6847CRITICALCVSS 9.8EG 6.32025-06-29
A vulnerability classified as critical was found in code-projects Simple Forum 1.0. This vulnerability affects unknown code of the file /forum_edit.php. The manipulation of the argument iii leads to sql injection. The attack can be initiat…
- CVE-2025-6850HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forum1.php. The manipulation of the argument File leads to sql injection. …
- CVE-2025-6859HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/pro_sale.php. The manipulation of the argument fromdate/todate leads to sql i…
- CVE-2025-6860HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/staff_commision.php. The manipulation of the argument fromdate/todat…
- CVE-2025-6861HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add_plan.php. The manipulation of the argument plan_name/description…
- CVE-2025-6862HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit_plan.php. The manipulation of the argument editid leads to sql injection. It …
- CVE-2025-6863CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/edit-category-detail.php. The manipulation of …
- CVE-2025-6867HIGHCVSS 7.2EG 4.72025-06-29
A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injectio…
- CVE-2025-6868HIGHCVSS 7.2EG 4.72025-06-29
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. …
- CVE-2025-6869HIGHCVSS 7.2EG 4.72025-06-29
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/testimonials/manage.php. The manipulation of the argume…
- CVE-2025-6871CRITICALCVSS 9.8EG 7.32025-06-29
A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possib…
- CVE-2025-6874HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/add_subscribe.php. The manipulation of the argument user_id/plan_id leads t…
- CVE-2025-6875HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-subscription.php. The manipulation of the argu…
- CVE-2025-6876HIGHCVSS 8.8EG 6.32025-06-29
A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/add-category.php. The manipulation of the argument Name leads …
- CVE-2025-6877HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/edit-category.php. The manipulation of the argument editid leads to sql injec…
- CVE-2025-6878HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/search-appointment.php. The manipulation of the argument searchdata …
- CVE-2025-6879HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /panel/add-tax.php. The manipulation of the argument Name leads to sql inje…
- CVE-2025-6880HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It i…
- CVE-2025-6883MEDIUMCVSS 6.3EG 6.32025-06-30
A vulnerability classified as critical was found in code-projects Staff Audit System 1.0. This vulnerability affects unknown code of the file /update_index.php. The manipulation of the argument updateid leads to sql injection. The attack c…
- CVE-2025-6884HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /search_index.php. The manipulation of the argument Search leads to sql injec…
- CVE-2025-6885CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability, which was classified as critical, was found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/edit-teacher-detail.php. The manipulation of the argument tid leads to sql…
- CVE-2025-6888CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability was found in PHPGurukul Teachers Record Management System 2.1. It has been classified as critical. This affects an unknown part of the file /admin/changeimage.php. The manipulation of the argument tid leads to sql injection…
- CVE-2025-6889CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /logIn.php. The manipulation of the argument postName leads to sql injection. The …
- CVE-2025-6890HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ticketConfirmation.php. The manipulation of the argument Date leads to sql inject…
- CVE-2025-6891CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability classified as critical has been found in code-projects Inventory Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument Username leads to sql injectio…
- CVE-2025-6901CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/removeUser.php. The manipulation of the argument userid leads to sql …
- CVE-2025-6902CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /php_action/editUser.php. The manipulation of the argument edituserName leads to sq…
- CVE-2025-6903CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql…
- CVE-2025-6904CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument car_name leads to sql i…
- CVE-2025-6905CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability, which was classified as critical, has been found in code-projects Car Rental System 1.0. This issue affects some unknown processing of the file /signup.php. The manipulation of the argument fname leads to sql injection. Th…
- CVE-2025-6906CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability classified as critical has been found in code-projects Car Rental System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate th…
- CVE-2025-6907CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability classified as critical was found in code-projects Car Rental System 1.0. This vulnerability affects unknown code of the file /book_car.php. The manipulation of the argument fname leads to sql injection. The attack can be in…
- CVE-2025-6908HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument sertitle leads to sql inj…
- CVE-2025-6909HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-scdetails.php. The manipulation of the argument e…
- CVE-2025-6910HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been classified as critical. This affects an unknown part of the file /session.php. The manipulation of the argument session leads to sql injection. It is possible t…
- CVE-2025-6911HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /manage-subjects.php. The manipulation of the argument del leads to sql injection. The…
- CVE-2025-6912HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in PHPGurukul Student Record System 3.2. It has been rated as critical. This issue affects some unknown processing of the file /manage-students.php. The manipulation of the argument del leads to sql injection. The…
- CVE-2025-6913HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability classified as critical has been found in PHPGurukul Student Record System 3.2. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument aemailid leads to sql injection. It is possible…
- CVE-2025-6914HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability classified as critical was found in PHPGurukul Student Record System 3.2. Affected by this vulnerability is an unknown functionality of the file /edit-student.php. The manipulation of the argument fmarks2 leads to sql injec…
- CVE-2025-6915HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sq…
- CVE-2025-6917CRITICALCVSS 9.8EG 7.32025-06-30
A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/registration.php. The manipulation of the argument uname leads to sql injection…
- CVE-2025-69205MEDIUMCVSS 6.3EG 6.32025-12-29
Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters…
- CVE-2025-6929HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/view-normal-ticket.php. The manipulation of the argument viewid leads to sql in…
- CVE-2025-6930HIGHCVSS 8.8EG 6.32025-06-30
A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/manage-foreigners-ticket.php. The manipulation of the argument ID leads to sql injection. It …
- CVE-2025-6935CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The manipulation of the argument cid leads to sql in…
- CVE-2025-6936CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation of the argument ID leads to sql injection. It is possib…
- CVE-2025-6937CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. The …
- CVE-2025-6938CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the argument ID leads to sql injection. Th…
- CVE-2025-6954CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /applyleave.php. The manipulation of the argument ID leads to sql…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →