CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,807 vulnerabilities with CWE-74
CVE-2025-5402 HIGH
chaitak-gorai Blogbook < 2021-11-22 - SQL Injection via edit_post_id Parameter
CVSS 7.3
CVE-2025-5401 HIGH
chaitak-gorai Blogbook < 2021-11-22 - SQL Injection via p_id Parameter
CVSS 7.3
CVE-2025-5400 HIGH
chaitak-gorai/blogbook < 2021-11-22 - SQL Injection via u_id Parameter
CVSS 7.3
CVE-2025-5388 MEDIUM
JeeWMS < 2025-05-04 - SQL Injection via /generateController.do?dogenerate
CVSS 6.3
CVE-2025-5386 MEDIUM
JeeWMS < 2025-05-04 - SQL Injection via transEditor Function
CVSS 6.3
CVE-2025-5384 MEDIUM
JeeWMS < 2025-05-04 - SQL Injection via CgAutoListController
CVSS 6.3
CVE-2025-5376 HIGH
Health Center Patient Record Management System 1.0 - SQL Injection via patient.php itr_no Parameter
CVSS 7.3
CVE-2025-5375 MEDIUM
PHPGurukul Online Birth Certificate System 2.0 - SQL Injection via /admin/registered-users.php del Parameter
CVSS 6.3
CVE-2025-5374 MEDIUM
PHPGurukul Online Birth Certificate System 2.0 - SQL Injection via del Parameter in all-applications.php
CVSS 6.3
CVE-2025-5373 MEDIUM
PHPGurukul Online Birth Certificate System 2.0 - SQL Injection via userid Parameter
CVSS 6.3
CVE-2025-5371 HIGH
Health Center Patient Record Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-5370 HIGH
PHPGurukul News Portal 4.1 - SQL Injection via Username Parameter in Forgot Password
CVSS 7.3
CVE-2025-5369 HIGH
SourceCodester PHP Display Username After Login 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-5368 MEDIUM
Daily Expense Tracker System 1.1 - SQL Injection via todate Parameter
CVSS 6.3
CVE-2025-5367 HIGH
PHPGurukul Online Shopping Portal Project 1.0 - SQL Injection via Product Argument
CVSS 7.3
CVE-2025-5365 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-5364 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via patname Parameter
CVSS 7.3
CVE-2025-5363 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Username Parameter in /doctor/index.php
CVSS 7.3
CVE-2025-5362 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via doctorspecilization Parameter
CVSS 7.3
CVE-2025-5361 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Contact Form Fullname Parameter
CVSS 7.3
CVE-2025-5360 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via Doctor Parameter in Book Appointment
CVSS 7.3
CVE-2025-5359 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via ID Parameter in /appointment-history.php
CVSS 7.3
CVE-2025-5358 HIGH
PHPGurukul Cyber Cafe Management System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-5332 HIGH
1000 Projects Online Notice Board 1.0 - SQL Injection via Email Parameter
CVSS 7.3
CVE-2025-5298 HIGH
Campcodes Online Hospital Management System 1.0 - SQL Injection via fromdate/todate Parameter
CVSS 7.3
Details
Vulnerabilities 4,807
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits