CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 75 of 102
- CVE-2025-8234CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql i…
- CVE-2025-8235CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is pos…
- CVE-2025-8236CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql inject…
- CVE-2025-8237CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injectio…
- CVE-2025-8238CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument credits leads to sql injection. It is possi…
- CVE-2025-8239CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument email leads to sql injection. The …
- CVE-2025-8240CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads…
- CVE-2025-8241CRITICALCVSS 9.8EG 7.32025-07-27
A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument From leads to sql injection. It is poss…
- CVE-2025-8247HIGHCVSS 8.8EG 6.32025-07-28
A vulnerability classified as critical has been found in Projectworlds Online Admission System 1.0. This affects an unknown part of the file /admin.php. The manipulation of the argument markof leads to sql injection. It is possible to init…
- CVE-2025-8248CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack ca…
- CVE-2025-8249CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s3.php. The manipulation of the argument credits leads to sql…
- CVE-2025-8250CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s4.php. The manipulation of the argument credits leads to sql injection. It i…
- CVE-2025-8251CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to …
- CVE-2025-8252CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s5.php. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-8253CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. The manipulation of the argument ID leads to sql injection. It is possi…
- CVE-2025-8254CRITICALCVSS 9.8EG 6.32025-07-28
A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view_parcel.php. The manipulation of the argument ID leads to sql injection. The a…
- CVE-2025-8269CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s1.php. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-8270CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. The manipulation of the argument ID leads to sql injection. It is possi…
- CVE-2025-8271CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of the argument ID leads to sql injection. Th…
- CVE-2025-8272CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of the argument credits leads to sql injecti…
- CVE-2025-8273CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument credits leads to sql injection. It is possi…
- CVE-2025-8274CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation…
- CVE-2025-8276CRITICALCVSS 9.8EG 10.02025-09-16
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulner…
- CVE-2025-8326CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID leads to sql injection. It is possible t…
- CVE-2025-8327CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injec…
- CVE-2025-8328CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql …
- CVE-2025-8329CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection. It is possible to…
- CVE-2025-8330CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit1.php. The manipulation of the argument sno leads to sql injection. The attack can …
- CVE-2025-8331CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The attac…
- CVE-2025-8332CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /register.php. The manipulation of the argument Username leads to sql injection. It is possi…
- CVE-2025-8333CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability was found in code-projects Online Farm System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /categoryvalue.php. The manipulation of the argument Value leads to…
- CVE-2025-8334CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipula…
- CVE-2025-8336CRITICALCVSS 9.8EG 7.32025-07-30
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql …
- CVE-2025-8338CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. T…
- CVE-2025-8339CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads …
- CVE-2025-8345CRITICALCVSS 9.8EG 6.32025-07-31
A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. The m…
- CVE-2025-8347MEDIUMCVSS 6.5EG 6.32025-07-31
A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection. It is possible to initiate the…
- CVE-2025-8371CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits lead…
- CVE-2025-8372CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql in…
- CVE-2025-8373CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to init…
- CVE-2025-8374CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The …
- CVE-2025-8375CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The …
- CVE-2025-8376CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to l…
- CVE-2025-8378CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the ar…
- CVE-2025-8381HIGHCVSS 8.8EG 6.32025-07-31
A vulnerability, which was classified as critical, has been found in Campcodes Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /add_reserve.php. The manipulation of the argument room_id leads to …
- CVE-2025-8382HIGHCVSS 8.8EG 6.32025-07-31
A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/edit_room.php. The manipulation of the argument room_id leads to sql injectio…
- CVE-2025-8407CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the argument from leads to sql injection. T…
- CVE-2025-8408CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible…
- CVE-2025-8409CRITICALCVSS 9.8EG 7.32025-07-31
A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injec…
- CVE-2025-8431CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/add-boat.php. The manipulation of the argument boatname leads to sql injection. The…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →