CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 79 of 102
- CVE-2025-9532HIGHCVSS 8.8EG 6.32025-08-27
A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. …
- CVE-2025-9581CRITICALCVSS 9.8EG 6.32025-08-28
A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remote…
- CVE-2025-9582CRITICALCVSS 9.8EG 6.32025-08-28
A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploi…
- CVE-2025-9583HIGHCVSS 8.8EG 6.32025-08-28
A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The…
- CVE-2025-9584HIGHCVSS 8.8EG 6.32025-08-28
A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack ca…
- CVE-2025-9585HIGHCVSS 8.8EG 6.32025-08-28
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possibl…
- CVE-2025-9586HIGHCVSS 8.8EG 6.32025-08-28
A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be perform…
- CVE-2025-9592CRITICALCVSS 9.8EG 7.32025-08-28
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. Remote exploi…
- CVE-2025-9593CRITICALCVSS 9.8EG 7.32025-08-28
A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unit_status_info.php. Executing manipulation of the argument usid can lead to sql injection. The attack can be execu…
- CVE-2025-9594CRITICALCVSS 9.8EG 7.32025-08-28
A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complain_info.php. The manipulation of the argument vid leads to sql injection. The attack is p…
- CVE-2025-9596CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remote…
- CVE-2025-9597CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to …
- CVE-2025-9598CRITICALCVSS 9.8EG 7.32025-08-29
A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/year_setup.php. Performing manipulation of the argument txtXYear results in sql injection. The attack…
- CVE-2025-9599CRITICALCVSS 9.8EG 7.32025-08-29
A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Executing manipulation of the argument txtMonthName can lead t…
- CVE-2025-9600CRITICALCVSS 9.8EG 7.32025-08-29
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/member_type_setup.php. The manipulation of the argument txtMemberType lea…
- CVE-2025-9601CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may…
- CVE-2025-9603CRITICALCVSS 9.8EG 6.32025-08-29
A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. Th…
- CVE-2025-9606HIGHCVSS 8.8EG 6.32025-08-29
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Performing manipulation of the argument cod_agenda results in sql inj…
- CVE-2025-9607HIGHCVSS 8.8EG 6.32025-08-29
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argu…
- CVE-2025-9608HIGHCVSS 8.8EG 6.32025-08-29
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql inje…
- CVE-2025-9610CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possib…
- CVE-2025-9643CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results i…
- CVE-2025-9644CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql in…
- CVE-2025-9645CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated …
- CVE-2025-9651MEDIUMCVSS 6.3EG 6.32025-08-29
A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results in sql injection. The attack may be per…
- CVE-2025-9654MEDIUMCVSS 6.3EG 6.32025-08-29
A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated …
- CVE-2025-9660CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. Th…
- CVE-2025-9662CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed …
- CVE-2025-9663HIGHCVSS 8.8EG 6.32025-08-29
A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /edit_account.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possi…
- CVE-2025-9664HIGHCVSS 8.8EG 6.32025-08-29
A security flaw has been discovered in code-projects Simple Grading System 1.0. Affected is an unknown function of the file /add_student_grade.php of the component Admin Panel. The manipulation of the argument Add results in sql injection.…
- CVE-2025-9665HIGHCVSS 8.8EG 6.32025-08-29
A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes s…
- CVE-2025-9666HIGHCVSS 8.8EG 6.32025-08-29
A security vulnerability has been detected in code-projects Simple Grading System 1.0. Affected by this issue is some unknown functionality of the file /delete_student.php of the component Admin Panel. Such manipulation of the argument ID …
- CVE-2025-9667HIGHCVSS 8.8EG 6.32025-08-29
A vulnerability was detected in code-projects Simple Grading System 1.0. This affects an unknown part of the file /delete_account.php of the component Admin Panel. Performing manipulation of the argument ID results in sql injection. The at…
- CVE-2025-9669CRITICALCVSS 9.8EG 7.32025-08-29
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploi…
- CVE-2025-9678CRITICALCVSS 9.8EG 7.32025-08-29
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possi…
- CVE-2025-9679CRITICALCVSS 9.8EG 9.82025-08-30
A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launc…
- CVE-2025-9684HIGHCVSS 8.8EG 6.32025-08-30
A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injec…
- CVE-2025-9685HIGHCVSS 8.8EG 6.32025-08-30
A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument…
- CVE-2025-9686HIGHCVSS 8.8EG 6.32025-08-30
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation o…
- CVE-2025-9689HIGHCVSS 8.8EG 8.82025-08-30
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/item_select. The manipulation of the argument q results in sql injection. It is …
- CVE-2025-9690HIGHCVSS 8.8EG 8.82025-08-30
A flaw has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes sql injection. The attack can be initia…
- CVE-2025-9691CRITICALCVSS 9.8EG 9.82025-08-30
A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The ex…
- CVE-2025-9692CRITICALCVSS 9.8EG 9.82025-08-30
A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The expl…
- CVE-2025-9694CRITICALCVSS 9.8EG 9.82025-08-30
A vulnerability was determined in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. Executing manipulation of the argument Username can lead to sql injecti…
- CVE-2025-9699CRITICALCVSS 9.8EG 9.82025-08-30
A vulnerability was detected in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in sql injection. The attack may …
- CVE-2025-9700CRITICALCVSS 9.8EG 9.82025-08-30
A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack …
- CVE-2025-9701CRITICALCVSS 9.8EG 9.82025-08-30
A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be l…
- CVE-2025-9702CRITICALCVSS 9.8EG 7.32025-08-30
A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /sales_report.php. The manipulation of the argument month leads to sql injection. The attack may be initiated rem…
- CVE-2025-9704CRITICALCVSS 9.8EG 7.32025-08-30
A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unknown function of the file /viewbill.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. …
- CVE-2025-9705CRITICALCVSS 9.8EG 7.32025-08-30
A weakness has been identified in SourceCodester Water Billing System 1.0. Affected is an unknown function of the file /paybill.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. …
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →