CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 71 of 102
- CVE-2025-7171CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0. Affected by this issue is some unknown functionality of the file /policelogin.php. The manipulation of the argument email leads …
- CVE-2025-7172CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability, which was classified as critical, was found in code-projects Crime Reporting System 1.0. This affects an unknown part of the file /headlogin.php. The manipulation of the argument email leads to sql injection. It is possibl…
- CVE-2025-7173CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-student.php. The manipulation of the argument Username leads to sql injection. The atta…
- CVE-2025-7174CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file /teacher-issue-book.php. The manipulation of the argument idn leads to sql injection. The atta…
- CVE-2025-7176CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view-medhistory.php. The manipulation of the argument viewid l…
- CVE-2025-7177HIGHCVSS 7.2EG 4.72025-07-08
A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php. The manipulation of the argument wpid …
- CVE-2025-7178CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability classified as critical has been found in code-projects Food Distributor Site 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible t…
- CVE-2025-7179CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability classified as critical was found in code-projects Library System 1.0. This vulnerability affects unknown code of the file /add-teacher.php. The manipulation of the argument Username leads to sql injection. The attack can be…
- CVE-2025-7180CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability, which was classified as critical, has been found in code-projects Staff Audit System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument User leads to sql injection. The…
- CVE-2025-7183CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/customer_account.php. The manipulation of the argument Customer leads…
- CVE-2025-7184CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The manipulation of the argument Search leads to sql injection. It is poss…
- CVE-2025-7185CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /approve.php. The manipulation of the argument ID leads to sql injection. The attack can b…
- CVE-2025-7186HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack …
- CVE-2025-7187HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to sql injection. It is possible to launc…
- CVE-2025-7188HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/addmember.php. The manipulation of the argument ID leads to sql injection. The …
- CVE-2025-7189HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /user/send_message.php. The manipulation of the argument msg leads to sql …
- CVE-2025-7191CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The…
- CVE-2025-7192HIGHCVSS 8.8EG 6.32025-07-08
A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack…
- CVE-2025-7193CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/suppliercontroller.php. The manipulation of the argument suppli…
- CVE-2025-7196CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to sql injection. The …
- CVE-2025-7197CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to sql injection. It is possible to initiat…
- CVE-2025-7198CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the argument drink leads to sql injection. The attack can b…
- CVE-2025-7199CRITICALCVSS 9.8EG 7.32025-07-08
A vulnerability, which was classified as critical, has been found in code-projects Library System 1.0. This issue affects some unknown processing of the file /notapprove.php. The manipulation of the argument ID leads to sql injection. The …
- CVE-2025-7200CRITICALCVSS 9.8EG 6.32025-07-08
A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the ar…
- CVE-2025-7211CRITICALCVSS 9.8EG 7.32025-07-09
A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cart_add.php. The manipulation of the argument ID leads to sql injection. The attack can…
- CVE-2025-7212HIGHCVSS 8.8EG 6.32025-07-09
A vulnerability was found in itsourcecode Insurance Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertAgent.php. The manipulation of the argument agent_id leads to sql…
- CVE-2025-7217CRITICALCVSS 9.8EG 7.32025-07-09
A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=save_position. The manipulation of the argument ID leads to sql inje…
- CVE-2025-7218CRITICALCVSS 9.8EG 7.32025-07-09
A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The manipulation of the argument ID leads to sql inje…
- CVE-2025-7219CRITICALCVSS 9.8EG 7.32025-07-09
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to sql inje…
- CVE-2025-7220CRITICALCVSS 9.8EG 7.32025-07-09
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argume…
- CVE-2025-7350HIGHCVSS 8.6EG 8.62025-09-09
A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication.
- CVE-2025-7409CRITICALCVSS 9.8EG 7.32025-07-10
A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical. This issue affects some unknown processing of the file /LoginAsAdmin.php. The manipulation of the argument email leads to sql injection. The attack may …
- CVE-2025-7410CRITICALCVSS 9.8EG 7.32025-07-10
A vulnerability was found in code-projects LifeStyle Store 1.0. It has been classified as critical. Affected is an unknown function of the file /cart_remove.php. The manipulation of the argument ID leads to sql injection. It is possible to…
- CVE-2025-7411CRITICALCVSS 9.8EG 7.32025-07-10
A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /success.php. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-7415HIGHCVSS 8.8EG 6.32025-07-10
A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument des…
- CVE-2025-7436CRITICALCVSS 9.8EG 7.32025-07-11
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_vacancy. The manipulation of the argument …
- CVE-2025-7454CRITICALCVSS 9.8EG 7.32025-07-11
A vulnerability classified as critical has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected is an unknown function of the file /admin/manage_theater.php. The manipulation of the argument ID leads to sql in…
- CVE-2025-7455CRITICALCVSS 9.8EG 7.32025-07-11
A vulnerability classified as critical was found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_reserve.php. The manipulation of the argument mi…
- CVE-2025-7456CRITICALCVSS 9.8EG 7.32025-07-11
A vulnerability, which was classified as critical, has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reserve.php. The manipulation of the argumen…
- CVE-2025-7457CRITICALCVSS 9.8EG 7.32025-07-11
A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects an unknown part of the file /admin/manage_movie.php. The manipulation of the argument ID leads to sql …
- CVE-2025-7459CRITICALCVSS 9.8EG 7.32025-07-11
A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated…
- CVE-2025-7461CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability was found in code-projects Modern Bag 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument proId leads to sql injection. The attack m…
- CVE-2025-7466CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Management 1.0. Affected by this issue is some unknown functionality of the file /add_dealerrequest.php. The manipulation of the argument Name le…
- CVE-2025-7467CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. It is possible to initi…
- CVE-2025-7469CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/product_add.php. The manipulation of the argument prod_name leads to sql inject…
- CVE-2025-7471CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login-back.php. The manipulation of the argument user-name leads to …
- CVE-2025-7474CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability was found in code-projects Job Diary 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql injection. The atta…
- CVE-2025-7475CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initia…
- CVE-2025-7476CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack …
- CVE-2025-7478CRITICALCVSS 9.8EG 7.32025-07-12
A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. Affected is an unknown function of the file /admin/category-list.php. The manipulation of the argument idCate leads to sql injection. It is possi…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →