CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 76 of 102
- CVE-2025-8436CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to sql injectio…
- CVE-2025-8437CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to sql injection. It is possible to i…
- CVE-2025-8438CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads to sql injection. The attack…
- CVE-2025-8439CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads t…
- CVE-2025-8441CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is po…
- CVE-2025-8442CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sq…
- CVE-2025-8443CRITICALCVSS 9.8EG 7.32025-08-01
A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. Th…
- CVE-2025-8466CRITICALCVSS 9.8EG 7.32025-08-02
A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of the argument email leads to sql injection. It is…
- CVE-2025-8467CRITICALCVSS 9.8EG 7.32025-08-02
A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The manipulation of the argument Username l…
- CVE-2025-8468CRITICALCVSS 9.8EG 7.32025-08-02
A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation of the argument email leads to sql injec…
- CVE-2025-8469CRITICALCVSS 9.8EG 7.32025-08-02
A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the argument ID leads to sql injection. It …
- CVE-2025-8470CRITICALCVSS 9.8EG 7.32025-08-02
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument ID leads to sql injection. …
- CVE-2025-8471CRITICALCVSS 9.8EG 7.32025-08-02
A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql inje…
- CVE-2025-8493CRITICALCVSS 9.8EG 7.32025-08-02
A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manipulation of the argument ID leads to sql …
- CVE-2025-8494CRITICALCVSS 9.8EG 7.32025-08-03
A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_student.php. The manipulation of the argument …
- CVE-2025-8495CRITICALCVSS 9.8EG 7.32025-08-03
A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The manipulation of the argument Username leads…
- CVE-2025-8496CRITICALCVSS 9.8EG 7.32025-08-03
A vulnerability has been found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewform.php. The manipulation of the argument ID leads to sql …
- CVE-2025-8497CRITICALCVSS 9.8EG 7.32025-08-03
A weakness has been identified in code-projects Online Medicine Guide 1.0. This affects an unknown part of the file /cusfindphar2.php. This manipulation of the argument Search causes sql injection. Remote exploitation of the attack is poss…
- CVE-2025-8498CRITICALCVSS 9.8EG 7.32025-08-03
A security vulnerability has been detected in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /cart/index.php. Such manipulation of the argument uname leads to sql injection. The attack can be e…
- CVE-2025-8499CRITICALCVSS 9.8EG 7.32025-08-03
A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cusfindambulence2.php. The manipulation of the argument Search leads to sql inject…
- CVE-2025-8500HIGHCVSS 8.8EG 6.32025-08-03
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The manipulation of the argument content le…
- CVE-2025-8502CRITICALCVSS 9.8EG 7.32025-08-03
A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injectio…
- CVE-2025-8503CRITICALCVSS 9.8EG 7.32025-08-03
A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to s…
- CVE-2025-8518HIGHCVSS 7.2EG 4.72025-08-04
A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection…
- CVE-2025-8701HIGHCVSS 8.8EG 6.32025-08-07
A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OL_OprationLog/GetPageList. The manipulation of t…
- CVE-2025-8702HIGHCVSS 8.8EG 6.32025-08-08
A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query …
- CVE-2025-8703HIGHCVSS 8.8EG 6.32025-08-08
A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Rea…
- CVE-2025-8704HIGHCVSS 8.8EG 6.32025-08-08
A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the …
- CVE-2025-8705HIGHCVSS 8.8EG 6.32025-08-08
A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Mod…
- CVE-2025-8706HIGHCVSS 8.8EG 6.32025-08-08
A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the co…
- CVE-2025-8744HIGHCVSS 7.3EG 7.32025-08-09
A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely.…
- CVE-2025-8752CRITICALCVSS 9.8EG 7.32025-08-09
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to comma…
- CVE-2025-8773CRITICALCVSS 9.8EG 7.32025-08-09
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipu…
- CVE-2025-8806CRITICALCVSS 9.8EG 6.32025-08-10
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/tree…
- CVE-2025-8808MEDIUMCVSS 4.3EG 4.32025-08-10
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The man…
- CVE-2025-8809CRITICALCVSS 9.8EG 7.32025-08-10
A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible t…
- CVE-2025-8811CRITICALCVSS 9.8EG 7.32025-08-10
A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname lea…
- CVE-2025-8908CRITICALCVSS 9.8EG 6.32025-08-13
A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument ope…
- CVE-2025-8921CRITICALCVSS 9.8EG 7.32025-08-13
A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched …
- CVE-2025-8922CRITICALCVSS 9.8EG 7.32025-08-13
A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit ha…
- CVE-2025-8923CRITICALCVSS 9.8EG 7.32025-08-13
A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exp…
- CVE-2025-8924CRITICALCVSS 9.8EG 7.32025-08-13
A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remo…
- CVE-2025-8925CRITICALCVSS 9.8EG 7.32025-08-13
A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack re…
- CVE-2025-8926CRITICALCVSS 9.8EG 7.32025-08-13
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The at…
- CVE-2025-8928HIGHCVSS 8.8EG 6.32025-08-13
A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt lead…
- CVE-2025-8929HIGHCVSS 8.8EG 6.32025-08-13
A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be i…
- CVE-2025-8930HIGHCVSS 8.8EG 6.32025-08-14
A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt…
- CVE-2025-8931HIGHCVSS 8.8EG 6.32025-08-14
A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to lau…
- CVE-2025-8932CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can…
- CVE-2025-8935CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The a…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →