CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,096 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 80 of 102
- CVE-2025-9706CRITICALCVSS 9.8EG 7.32025-08-30
A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit.php. Such manipulation of the argument ID leads to sql injection. The attac…
- CVE-2025-9726CRITICALCVSS 9.8EG 9.82025-08-31
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may …
- CVE-2025-9729CRITICALCVSS 9.8EG 7.32025-08-31
A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /admin/student-registration.php. Performing manipulation of the argument studentname results in sql injection. T…
- CVE-2025-9730CRITICALCVSS 9.8EG 7.32025-08-31
A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument user_id results in sql injection. It is possible t…
- CVE-2025-9733CRITICALCVSS 9.8EG 7.32025-08-31
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /login_timeee.php. Performing manipulation of the argument emp_id results in sql injection. The attack …
- CVE-2025-9739CRITICALCVSS 9.8EG 9.82025-08-31
A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is pos…
- CVE-2025-9740CRITICALCVSS 9.8EG 9.82025-08-31
A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /log_query.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote…
- CVE-2025-9741MEDIUMCVSS 5.3EG 5.32025-08-31
A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /login_query12.php. This manipulation of the argument ID causes sql injection. It is possible to init…
- CVE-2025-9742HIGHCVSS 7.5EG 7.52025-08-31
A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to …
- CVE-2025-9743CRITICALCVSS 9.8EG 7.32025-08-31
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection…
- CVE-2025-9744CRITICALCVSS 9.8EG 7.32025-08-31
A weakness has been identified in Campcodes Online Loan Management System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Executing manipulation of the argument Username can lead to sql injection. The a…
- CVE-2025-9749CRITICALCVSS 9.8EG 9.82025-08-31
A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql inject…
- CVE-2025-9750CRITICALCVSS 9.8EG 9.82025-08-31
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in sql injection. It is possibl…
- CVE-2025-9751CRITICALCVSS 9.8EG 9.82025-09-01
A weakness has been identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /login.php. This manipulation of the argument Username causes sql injection. The attack can be initia…
- CVE-2025-9756HIGHCVSS 8.8EG 8.82025-09-01
A vulnerability was found in PHPGurukul User Management System 1.0. This impacts an unknown function of the file /admin/change-emailid.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely.…
- CVE-2025-9757CRITICALCVSS 9.8EG 9.82025-09-01
A vulnerability was determined in Campcodes/SourceCodester Courier Management System 1.0. Affected is the function Login of the file /ajax.php. This manipulation of the argument email causes sql injection. The attack is possible to be carr…
- CVE-2025-9758CRITICALCVSS 9.8EG 9.82025-09-01
A vulnerability was identified in deepakmisal24 Chemical Inventory Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory_form.php. Such manipulation of the argument chem_name leads t…
- CVE-2025-9759CRITICALCVSS 9.8EG 9.82025-09-01
A security flaw has been discovered in Campcodes/SourceCodester Courier Management System 1.0. Affected by this issue is the function Signup of the file /ajax.php. Performing manipulation of the argument lastname results in sql injection. …
- CVE-2025-9761CRITICALCVSS 9.8EG 9.82025-09-01
A security vulnerability has been detected in Campcodes Online Feeds Product Inventory System 1.0. This vulnerability affects unknown code of the file /feeds/index.php of the component Login. The manipulation of the argument Username leads…
- CVE-2025-9763CRITICALCVSS 9.8EG 9.82025-09-01
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /student_signup.php. The manipulation of the argument Username results in sql injection. The attack can…
- CVE-2025-9764CRITICALCVSS 9.8EG 9.82025-09-01
A flaw has been found in itsourcecode Sports Management System 1.0. Impacted is an unknown function of the file /Admin/resultdetails.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The …
- CVE-2025-9765CRITICALCVSS 9.8EG 9.82025-09-01
A vulnerability has been found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/tournament_details.php. Such manipulation of the argument ID leads to sql injection. The attack may…
- CVE-2025-9766CRITICALCVSS 9.8EG 9.82025-09-01
A vulnerability was found in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/facilitator.php. Performing manipulation of the argument code results in sql injection. Remote exploitat…
- CVE-2025-9767CRITICALCVSS 9.8EG 9.82025-09-01
A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /Admin/sporttype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be execut…
- CVE-2025-9768CRITICALCVSS 9.8EG 6.32025-09-01
A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried o…
- CVE-2025-9769MEDIUMCVSS 6.2EG 6.22025-09-01
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection…
- CVE-2025-9770CRITICALCVSS 9.8EG 9.82025-09-01
A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password c…
- CVE-2025-9771CRITICALCVSS 9.8EG 9.82025-09-01
A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Such manipulation of the argument Search lead…
- CVE-2025-9786CRITICALCVSS 9.8EG 9.82025-09-01
A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in sql injection. The attack can be in…
- CVE-2025-9788CRITICALCVSS 9.8EG 7.32025-09-01
A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_class.php. Executing manipulation of the argument id_no can le…
- CVE-2025-9789CRITICALCVSS 9.8EG 7.32025-09-01
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The…
- CVE-2025-9790CRITICALCVSS 9.8EG 7.32025-09-01
A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launc…
- CVE-2025-9792CRITICALCVSS 9.8EG 7.32025-09-01
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the argument mid leads to sql injection. T…
- CVE-2025-9793CRITICALCVSS 9.8EG 7.32025-09-01
A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the argument ddlBranch results in sql…
- CVE-2025-9794CRITICALCVSS 9.8EG 7.32025-09-01
A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql in…
- CVE-2025-9797LOWCVSS 2.4EG 2.42025-09-01
A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection…
- CVE-2025-9802MEDIUMCVSS 4.7EG 4.72025-09-02
A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely.
- CVE-2025-9811CRITICALCVSS 9.8EG 7.32025-09-02
A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in sql injection. The attack is possible to be carried out…
- CVE-2025-9814CRITICALCVSS 9.8EG 7.32025-09-02
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in sql injection. It is possible …
- CVE-2025-9829CRITICALCVSS 9.8EG 7.32025-09-02
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. Remote exploitati…
- CVE-2025-9830CRITICALCVSS 9.8EG 7.32025-09-02
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of the argument sids[] results in sql injection. The at…
- CVE-2025-9831CRITICALCVSS 9.8EG 7.32025-09-02
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. This impacts an unknown function of the file /admin/edit-services.php. This manipulation of the argument sername causes sql injection. The attack is possibl…
- CVE-2025-9832CRITICALCVSS 9.8EG 7.32025-09-02
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The…
- CVE-2025-9833CRITICALCVSS 9.8EG 7.32025-09-02
A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injecti…
- CVE-2025-9837CRITICALCVSS 9.8EG 7.32025-09-02
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This issue affects some unknown processing of the file /admin/modules/student/index.php. This manipulation of the argument studentId causes sql injec…
- CVE-2025-9838CRITICALCVSS 9.8EG 7.32025-09-02
A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. The attack…
- CVE-2025-9839CRITICALCVSS 9.8EG 7.32025-09-02
A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in s…
- CVE-2025-9840CRITICALCVSS 9.8EG 6.32025-09-02
A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can…
- CVE-2025-9919CRITICALCVSS 9.8EG 9.82025-09-03
A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. …
- CVE-2025-9924CRITICALCVSS 9.8EG 9.82025-09-03
A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument t2 leads to sql injection. Remote exploitation of the attack i…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →