CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,807 vulnerabilities with CWE-74
CVE-2025-5779 MEDIUM
Patient Record Management System 1.0 - SQL Injection via birthing.php itr_no/comp_id Parameter
CVSS 6.3
CVE-2025-5778 HIGH
1000 Projects ABC Courier Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-5763 MEDIUM
Tenda CP3 11.10.00.2311090948 - OS Command Injection via sub_F3C8C Function
CVSS 4.7
CVE-2025-5762 MEDIUM
code-projects Patient Record Management System 1.0 - SQL Injection via view_hematology.php itr_no Parameter
CVSS 6.3
CVE-2025-5761 MEDIUM
PHPGurukul BP Monitoring Management System 1.0 - SQL Injection via memberage Parameter
CVSS 6.3
CVE-2025-5759 HIGH
PHPGurukul Local Services Search Engine Management System 2.1 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-5758 HIGH
Open Source Clinic Management System 1.0 - SQL Injection via Doctor Name Parameter
CVSS 7.3
CVE-2025-5756 HIGH
Real Estate Property Management System 1.0 - SQL Injection via EditCity.php
CVSS 7.3
CVE-2025-5755 HIGH
Open Source Clinic Management System 1.0 - SQL Injection via email Parameter in email_config.php
CVSS 7.3
CVE-2025-5729 MEDIUM
Health Center Patient Record Management System 1.0 - SQL Injection via birthing_record.php itr_no Parameter
CVSS 6.3
CVE-2025-5716 HIGH
Open Source Clinic Management System 1.0 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2025-5712 HIGH
Open Source Clinic Management System 1.0 - SQL Injection via Patient Parameter in Appointment.php
CVSS 7.3
CVE-2025-5711 HIGH
Real Estate Property Management System 1.0 - SQL Injection via cmbState Parameter
CVSS 7.3
CVE-2025-5710 HIGH
Real Estate Property Management System 1.0 - SQL Injection via txtStateName Parameter
CVSS 7.3
CVE-2025-5709 HIGH
Real Estate Property Management System 1.0 - SQL Injection via txtCategoryName Parameter
CVSS 7.3
CVE-2025-5708 HIGH
Real Estate Property Management System 1.0 - SQL Injection via NewsReport txtFrom Parameter
CVSS 7.3
CVE-2025-5707 HIGH
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via testtype Parameter
CVSS 7.3
CVE-2025-5706 HIGH
Human Metapneumovirus Testing Management System 1.0 - SQL Injection via state Parameter
CVSS 7.3
CVE-2025-5705 HIGH
Real Estate Property Management System 1.0 - SQL Injection via cmbCat Parameter
CVSS 7.3
CVE-2025-5704 HIGH
Real Estate Property Management System 1.0 - SQL Injection via txtUserName Parameter
CVSS 7.3
CVE-2025-5698 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via nodename Parameter in logSelect.htm
CVSS 6.3
CVE-2025-5697 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via custTradeId Parameter
CVSS 6.3
CVE-2025-5696 MEDIUM
Brilliance Golden Link Secondary System < 2025-04-24 - SQL Injection via clientname Parameter
CVSS 6.3
CVE-2025-5695 MEDIUM
FLIR AX8 Firmware 1.46.0-1.46.16 - Remote Command Injection via subscriptions.php
CVSS 4.7
CVE-2025-5694 MEDIUM
PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQL Injection via Search Report Result Parameter
CVSS 6.3