CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,807 vulnerabilities with CWE-74
CVE-2025-5574 HIGH
PHPGurukul Dairy Farm Shop Management System 1.3 - SQL Injection
CVSS 7.3
CVE-2025-5569 MEDIUM
ideacms < 1.7 - SQL Injection via Article/Goods Field Parameter
CVSS 6.3
CVE-2025-5566 MEDIUM
PHPGurukul Notice Board System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-5562 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5561 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5560 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5558 MEDIUM
PHPGurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-5557 MEDIUM
PHPGurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-5556 MEDIUM
PHPGurukul Teacher Subject Allocation Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-5554 MEDIUM
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-5553 HIGH
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5546 MEDIUM
PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection
CVSS 6.3
CVE-2025-5515 MEDIUM
TOTOLINK X2000R 1.0.0-B20230726.1108 - Command Injection
CVSS 6.3
CVE-2025-5504 MEDIUM
TOTOLINK X2000R 1.0.0-B20230726.1108 - Command Injection
CVSS 6.3
CVE-2025-5502 MEDIUM
TOTOLINK X15 1.0.0-B20230714.1105 - Command Injection
CVSS 6.3
CVE-2025-5493 MEDIUM
Baison Channel Middleware Product 2.0.1 - SQL Injection
CVSS 6.3
CVE-2025-5492 MEDIUM
D-Link DI-500WF-WT <20250511 - Command Injection
CVSS 6.3
CVE-2025-5438 MEDIUM
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via WPS PIN Parameter
CVSS 6.3
CVE-2025-5435 HIGH
Marwal Infotech CMS 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5434 HIGH
Aem Solutions CMS <1.0 - SQL Injection
CVSS 7.3
CVE-2025-5433 MEDIUM
Feng Office 3.5.1.5 - SQL Injection
CVSS 6.3
CVE-2025-5432 MEDIUM
AssamLook CMS 1.0 - SQL Injection via /view_tender.php ID Parameter
CVSS 6.3
CVE-2025-5431 MEDIUM
AssamLook CMS 1.0 - SQL Injection via Department Profile ID Parameter
CVSS 6.3
CVE-2025-5430 MEDIUM
AssamLook CMS 1.0 - SQL Injection via /product.php ID Parameter
CVSS 6.3
CVE-2025-5403 MEDIUM
chaitak-gorai Blogbook - SQL Injection via post_id Parameter
CVSS 6.3