CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 77 of 102
- CVE-2025-8936CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection.…
- CVE-2025-8937HIGHCVSS 8.8EG 6.32025-08-14
A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be…
- CVE-2025-8946CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated re…
- CVE-2025-8947CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initia…
- CVE-2025-8948CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotel…
- CVE-2025-8950CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-8951CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch…
- CVE-2025-8952CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argumen…
- CVE-2025-8953CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql inj…
- CVE-2025-8954CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possi…
- CVE-2025-8955CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be ini…
- CVE-2025-8956HIGHCVSS 8.8EG 6.32025-08-14
A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. Th…
- CVE-2025-8957CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible…
- CVE-2025-8960CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to sql injection.…
- CVE-2025-8966CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The at…
- CVE-2025-8967CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is p…
- CVE-2025-8968CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The manipulation of the argument ID leads to sq…
- CVE-2025-8969CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injecti…
- CVE-2025-8970CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to sql injection. It is possible to i…
- CVE-2025-8971CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument val-username leads to sql i…
- CVE-2025-8972CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The a…
- CVE-2025-8973CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack re…
- CVE-2025-8981CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of the argument payment_type leads to sql injection. It is pos…
- CVE-2025-8982CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument curr_code leads to sql inject…
- CVE-2025-8983CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expense_for leads to sql in…
- CVE-2025-8984CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation of the argument expense_name leads to sql inj…
- CVE-2025-8985CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. …
- CVE-2025-8986CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql i…
- CVE-2025-8987CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. This affects an unknown part of the file /test-details.php. The manipulation of the argument remark leads to sql injection. It is possible to initiate…
- CVE-2025-8988CRITICALCVSS 9.8EG 7.32025-08-14
A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The …
- CVE-2025-8989CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. The at…
- CVE-2025-8990CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack rem…
- CVE-2025-8993CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. It is possible t…
- CVE-2025-9002CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. Th…
- CVE-2025-9008CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The manipulation of the argument uname leads to sql injection. The …
- CVE-2025-9009CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible t…
- CVE-2025-9010CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to s…
- CVE-2025-9011CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The at…
- CVE-2025-9012CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possi…
- CVE-2025-9013CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The atta…
- CVE-2025-9021CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can…
- CVE-2025-9022CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attac…
- CVE-2025-9024CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. Th…
- CVE-2025-9025HIGHCVSS 8.8EG 6.32025-08-15
A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be la…
- CVE-2025-9027CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument deName leads to sql injection. The attack can be initiated rem…
- CVE-2025-9028CRITICALCVSS 9.8EG 7.32025-08-15
A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql injection. The attack can be launched remotel…
- CVE-2025-9047CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack r…
- CVE-2025-9050CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be…
- CVE-2025-9051CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may …
- CVE-2025-9052CRITICALCVSS 9.8EG 7.32025-08-15
A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack re…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →