CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,097 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 81 of 102
- CVE-2025-9925CRITICALCVSS 9.8EG 9.82025-09-03
A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely…
- CVE-2025-9926CRITICALCVSS 9.8EG 9.82025-09-03
A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection. The attack is possible to be carried…
- CVE-2025-9927CRITICALCVSS 9.8EG 9.82025-09-03
A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to sql injection. The attack may be performe…
- CVE-2025-9928CRITICALCVSS 9.8EG 9.82025-09-03
A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possib…
- CVE-2025-9930CRITICALCVSS 9.8EG 7.32025-09-04
A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber leads to sql injection. The att…
- CVE-2025-9932CRITICALCVSS 9.8EG 7.32025-09-04
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the argument lid causes sql injection. The attac…
- CVE-2025-9933CRITICALCVSS 9.8EG 7.32025-09-04
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to sql injectio…
- CVE-2025-9934CRITICALCVSS 9.8EG 6.32025-09-04
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of th…
- CVE-2025-9935CRITICALCVSS 9.8EG 7.32025-09-04
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be …
- CVE-2026-0284CRITICALCVSS 9.9EG 9.92026-07-09
An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information…
- CVE-2026-0544HIGHCVSS 7.3EG 7.32026-01-01
A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attac…
- CVE-2026-0546HIGHCVSS 7.3EG 7.32026-01-02
A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out …
- CVE-2026-0565HIGHCVSS 7.3EG 7.32026-01-02
A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to sql injection. The attack can…
- CVE-2026-0567HIGHCVSS 7.3EG 7.32026-01-02
A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from…
- CVE-2026-0568HIGHCVSS 7.3EG 7.32026-01-02
A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack…
- CVE-2026-0569HIGHCVSS 7.3EG 7.32026-01-02
A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the at…
- CVE-2026-0570HIGHCVSS 7.3EG 7.32026-01-02
A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql injection. The attack can be initiated re…
- CVE-2026-0575HIGHCVSS 7.3EG 7.32026-01-04
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the component Administrator Login. Such manipulatio…
- CVE-2026-0576HIGHCVSS 7.3EG 7.32026-01-04
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argume…
- CVE-2026-0578HIGHCVSS 7.3EG 7.32026-01-04
A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the argument ID leads to sql …
- CVE-2026-0579HIGHCVSS 7.3EG 7.32026-01-04
A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prod_id…
- CVE-2026-0581MEDIUMCVSS 6.3EG 6.32026-01-05
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/d…
- CVE-2026-0582MEDIUMCVSS 6.3EG 6.32026-01-05
A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiat…
- CVE-2026-0583HIGHCVSS 7.3EG 7.32026-01-05
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd resul…
- CVE-2026-0584MEDIUMCVSS 6.3EG 6.32026-01-05
A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exp…
- CVE-2026-0585HIGHCVSS 7.3EG 7.32026-01-05
A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. Such manipulation of the argument transa…
- CVE-2026-0590MEDIUMCVSS 6.3EG 6.32026-01-05
A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argum…
- CVE-2026-0591MEDIUMCVSS 6.3EG 6.32026-01-05
A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument…
- CVE-2026-0592HIGHCVSS 7.3EG 7.32026-01-05
A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component User Registration Handler. Performing a m…
- CVE-2026-0597MEDIUMCVSS 6.3EG 6.32026-01-05
A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remo…
- CVE-2026-0605HIGHCVSS 7.3EG 7.32026-01-05
A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument username/password leads to sql injectio…
- CVE-2026-0606HIGHCVSS 7.3EG 7.32026-01-05
A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument ID results in sql injection. It is possib…
- CVE-2026-0607HIGHCVSS 7.3EG 7.32026-01-06
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch t…
- CVE-2026-0641MEDIUMCVSS 6.3EG 6.32026-01-06
A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The…
- CVE-2026-0697MEDIUMCVSS 4.7EG 4.72026-01-08
A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The atta…
- CVE-2026-0698MEDIUMCVSS 4.7EG 4.72026-01-08
A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The a…
- CVE-2026-0699MEDIUMCVSS 4.7EG 4.72026-01-08
A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injectio…
- CVE-2026-0700HIGHCVSS 7.3EG 7.32026-01-08
A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the argument Username can lead to sql injection…
- CVE-2026-0701MEDIUMCVSS 4.7EG 4.72026-01-08
A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to…
- CVE-2026-0728MEDIUMCVSS 4.7EG 4.72026-01-08
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/delete_admin.php. Such manipulation of the argument admin_id leads to…
- CVE-2026-0729MEDIUMCVSS 4.7EG 4.72026-01-08
A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. Re…
- CVE-2026-0732MEDIUMCVSS 6.3EG 6.32026-01-09
A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exp…
- CVE-2026-0733MEDIUMCVSS 6.3EG 6.32026-01-09
A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. …
- CVE-2026-0803MEDIUMCVSS 6.3EG 6.32026-01-09
A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in…
- CVE-2026-0843MEDIUMCVSS 6.3EG 6.32026-01-11
A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude …
- CVE-2026-0850MEDIUMCVSS 4.7EG 4.72026-01-11
A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection…
- CVE-2026-0851HIGHCVSS 7.3EG 7.32026-01-12
A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote…
- CVE-2026-0852HIGHCVSS 7.3EG 7.32026-01-12
A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The a…
- CVE-2026-0864MEDIUMCVSS 4.1EG 4.12026-06-23
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the writ…
- CVE-2026-0865MEDIUMCVSS 5.9EG 5.92026-01-20
User-controlled header names and values containing newlines can allow injecting HTTP headers.
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →