CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 70 of 102
- CVE-2025-6955CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql…
- CVE-2025-6956CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. The manipulation of the argument ID leads to sql injection. It is possi…
- CVE-2025-6957CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of the argument mailuid leads to sql injec…
- CVE-2025-6958CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation of the argument ID leads to sql injection. The attack …
- CVE-2025-6959CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. The manipulation of the argument ID leads to sql injection. It is possible to la…
- CVE-2025-6960CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability classified as critical was found in Campcodes Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /empproject.php. The manipulation of the argument ID leads to sql injectio…
- CVE-2025-6961CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /mark.php. The manipulation of the argument ID leads to sql inj…
- CVE-2025-6962CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part of the file /myprofileup.php. The manipulation of the argument ID leads to sql injection. It is possible…
- CVE-2025-6963CRITICALCVSS 9.8EG 7.32025-07-01
A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /myprofile.php. The manipulation of the argument ID leads to sql injection. The atta…
- CVE-2025-7061LOWCVSS 2.7EG 2.72025-07-04
A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated …
- CVE-2025-70948CRITICALCVSS 9.3EG 9.32026-03-05
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.
- CVE-2025-7101CRITICALCVSS 9.8EG 6.32025-07-07
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass …
- CVE-2025-7102CRITICALCVSS 9.8EG 6.32025-07-07
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injecti…
- CVE-2025-7119CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username lead…
- CVE-2025-7120CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads…
- CVE-2025-7121HIGHCVSS 8.8EG 6.32025-07-07
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection.…
- CVE-2025-7122CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument Username leads to sql injectio…
- CVE-2025-7123HIGHCVSS 7.2EG 4.72025-07-07
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipulation of the argument cid/uid leads to s…
- CVE-2025-7125HIGHCVSS 7.2EG 6.32025-07-07
A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument cou…
- CVE-2025-7126HIGHCVSS 7.2EG 6.32025-07-07
A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminprofile.php. The manipulation of the argum…
- CVE-2025-7127HIGHCVSS 7.2EG 4.72025-07-07
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation of the argument currentpassword leads t…
- CVE-2025-7128CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=calculate_payroll. The manipulation of the argument ID leads to sql …
- CVE-2025-7129CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_employee_attendance_single. The manipulation of the argument ID…
- CVE-2025-7130CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_payroll. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-7131CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_employee_attendance. The manipulation of t…
- CVE-2025-7132CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_payroll. The manipulation of the argument ID leads …
- CVE-2025-7134CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_application. The manipulation of the argument ID lead…
- CVE-2025-7135CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_vacancy. The manipulation of the ar…
- CVE-2025-7136CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/view_vacancy.php. The manipulation of the argument ID leads to sql injec…
- CVE-2025-7137HIGHCVSS 8.8EG 6.32025-07-07
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/schedule-staff.php. The manipulation of the argument staff_id leads to sql in…
- CVE-2025-7138HIGHCVSS 8.8EG 6.32025-07-07
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/admin-profile.php. The manipulation of the argument adminname leads …
- CVE-2025-7147CRITICALCVSS 9.8EG 7.32025-07-07
A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to…
- CVE-2025-7149HIGHCVSS 8.8EG 6.32025-07-07
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/candidates_delete.php. The manipulation of the argument ID leads to sql injection…
- CVE-2025-7150HIGHCVSS 8.8EG 6.32025-07-07
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/voters_delete.php. The manipulation of the argument ID leads to sql inje…
- CVE-2025-7155CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid lea…
- CVE-2025-7156MEDIUMCVSS 6.3EG 6.32025-07-08
A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of the file /v1/chat/completions. The manipulation of the argument question leads to sql injection. The att…
- CVE-2025-7157CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument username/password leads to sql injection. It i…
- CVE-2025-7158HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-normal-ticket.php. The manipulation of the argument I…
- CVE-2025-7159HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-animals.php. The manipulation of the argument ID leads to sql …
- CVE-2025-7160CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to i…
- CVE-2025-7161HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice leads to sql injection. The…
- CVE-2025-7162HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/add-foreigners-ticket.php. The manipulation of the argument cprice lea…
- CVE-2025-7163HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/add-animals.php. The manipulation of the argument cnum leads to sql injection. It is p…
- CVE-2025-7164CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Usernam…
- CVE-2025-7165CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email le…
- CVE-2025-7166HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to in…
- CVE-2025-7167HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection. The attac…
- CVE-2025-7168CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /userlogin.php. The manipulation of the argument email leads to sql injection. The…
- CVE-2025-7169CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability classified as critical has been found in code-projects Crime Reporting System 1.0. Affected is an unknown function of the file /complainer_page.php. The manipulation of the argument location leads to sql injection. It is po…
- CVE-2025-7170CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability classified as critical was found in code-projects Crime Reporting System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql inje…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →