CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 73 of 102
- CVE-2025-7584HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /admin/add-team.php. The manipulation of the argument teammember leads to sql injec…
- CVE-2025-7585HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /admin/manage-site.php. The manipulation of the argument webtitle leads to sql inject…
- CVE-2025-7587CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cover.php. The manipulation of the argument uname/psw leads …
- CVE-2025-7588HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file edit-product.php. The manipulation of the argument productname leads to sql injection. It i…
- CVE-2025-7589HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file edit-company.php. The manipulation of the argument companyname leads to sql injection…
- CVE-2025-7590HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file edit-category.php. The manipulation of the argument categorycode …
- CVE-2025-7591HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file view-invoice.php. The manipulation of the argument invid leads to sql injection. …
- CVE-2025-7592HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file invoices.php. The manipulation of the argument del leads …
- CVE-2025-7593CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may…
- CVE-2025-7594CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects Job Diary 1.0. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate th…
- CVE-2025-7595CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to sql injection. The attack can be in…
- CVE-2025-7599HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected by this issue is some unknown functionality of the file /invoice.php. The manipulation of the argument del lead…
- CVE-2025-7600HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability, which was classified as critical, was found in PHPGurukul Online Library Management System 3.0. This affects an unknown part of the file /admin/student-history.php. The manipulation of the argument stdid leads to sql injec…
- CVE-2025-7604CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username lea…
- CVE-2025-7605CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects AVL Rooms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument first_name leads to sql injection. The…
- CVE-2025-7606CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to sql injection. It is possible to initiate the attack r…
- CVE-2025-7607CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/save_order.php. The manipulation of the argument order_price lea…
- CVE-2025-7608CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument user_email leads to sql injection. It is p…
- CVE-2025-7609CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability has been found in code-projects Simple Shopping Cart 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument ruser_email leads t…
- CVE-2025-7610CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/change_password.php. The manipulation of the argument new_password…
- CVE-2025-7611CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects Wedding Reservation 1.0. It has been classified as critical. This affects an unknown part of the file /global.php. The manipulation of the argument lu leads to sql injection. It is possible to ini…
- CVE-2025-7612CRITICALCVSS 9.8EG 7.32025-07-14
A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be …
- CVE-2025-7613HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the …
- CVE-2025-7614HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads…
- CVE-2025-7615HIGHCVSS 8.8EG 6.32025-07-14
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the a…
- CVE-2025-7749CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument …
- CVE-2025-7750CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to s…
- CVE-2025-7751CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument…
- CVE-2025-7752CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did lea…
- CVE-2025-7753CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql inj…
- CVE-2025-7754HIGHCVSS 7.5EG 6.32025-07-17
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql inj…
- CVE-2025-7757CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to sql injectio…
- CVE-2025-7764CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the argument clinic leads to sql i…
- CVE-2025-7765CRITICALCVSS 9.8EG 7.32025-07-17
A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument c…
- CVE-2025-7798MEDIUMCVSS 6.3EG 6.32025-07-18
A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to 8.2. This affects an unknown part of the file /admin/system/structure/getdirectorydata/web/base…
- CVE-2025-7801HIGHCVSS 7.3EG 7.32025-07-18
A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads …
- CVE-2025-7814CRITICALCVSS 9.8EG 7.32025-07-18
A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation of the argument fname leads to sql injectio…
- CVE-2025-7829CRITICALCVSS 9.8EG 7.32025-07-19
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to …
- CVE-2025-7830CRITICALCVSS 9.8EG 7.32025-07-19
A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /reg.php. The manipulation of the argument mobile leads to sql injection…
- CVE-2025-7831CRITICALCVSS 9.8EG 7.32025-07-19
A vulnerability classified as critical has been found in code-projects Church Donation System 1.0. This affects an unknown part of the file /members/Tithes.php. The manipulation of the argument trcode leads to sql injection. It is possible…
- CVE-2025-7832CRITICALCVSS 9.8EG 7.32025-07-19
A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The at…
- CVE-2025-7833CRITICALCVSS 9.8EG 7.32025-07-19
A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/giving.php. The manipulation of the argument Amount leads to sql…
- CVE-2025-7836HIGHCVSS 8.8EG 6.32025-07-19
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipul…
- CVE-2025-7838CRITICALCVSS 9.8EG 7.32025-07-19
A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manage_seat.php. The manipulation of the argument ID leads …
- CVE-2025-7859CRITICALCVSS 9.8EG 7.32025-07-20
A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/update_password_admin.php. The manipulation of the argument new_password leads to sq…
- CVE-2025-7860CRITICALCVSS 9.8EG 7.32025-07-20
A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/login_admin.php. The manipulation of the argument Username leads…
- CVE-2025-7861CRITICALCVSS 9.8EG 7.32025-07-20
A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The manipulation of the argument Username leads to sql injection. It…
- CVE-2025-7873CRITICALCVSS 9.8EG 6.32025-07-20
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mcc_login.jsp. The manipulation of the argument workerid leads…
- CVE-2025-7883HIGHCVSS 7.8EG 7.82025-07-20
A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulatio…
- CVE-2025-7886HIGHCVSS 7.3EG 7.32025-07-20
A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The mani…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →