CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2025-5004 HIGH
projectworlds Online Time Table Generator 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5003 HIGH
projectworlds Online Time Table Generator 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5002 HIGH
SourceCodester Client Database Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-5000 MEDIUM
Linksys FGW3000-AH/HK <1.0.17.000000 - Command Injection
CVSS 6.3
CVE-2025-4999 MEDIUM
Linksys FGW3000-AH and FGW3000-HK < 1.0.17.000000 - Command Injection via supplicant_rnd_id_en Parameter
CVSS 6.3
CVE-2025-48056 MEDIUM
Hubble < 1.17.2 - Terminal Output Manipulation via Malicious Control Characters
CVSS 5.3
CVE-2025-4941 HIGH
PHPGurukul Credit Card Application Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-4940 HIGH
1000projects Daily College Class Work Report Book 1.0 - SQL Injection via batch Parameter in admin_info.php
CVSS 7.3
CVE-2025-4938 MEDIUM
PHPGurukul Employee Record Management System 1.3 - SQL Injection via Email Parameter in registererms.php
CVSS 6.3
CVE-2025-4937 HIGH
Apartment Visitor Management System 1.0 - SQL Injection via Profile Mobile Number Parameter
CVSS 7.3
CVE-2025-4936 HIGH
projectworlds Online Food Ordering System 1.0 - SQL Injection via /admin-page.php 1_price Parameter
CVSS 7.3
CVE-2025-4935 HIGH
SourceCodester Stock Management System 1.0 - SQL Injection via changePassword.php user_id Parameter
CVSS 7.3
CVE-2025-4934 HIGH
PHPGurukul User Registration & Login and User Management System 3.3 - SQL Injection via Contact Parameter
CVSS 7.3
CVE-2025-4933 MEDIUM
ponaravindb Hospital-Management-System 1.0 - SQL Injection via /doctor-panel.php ID Parameter
CVSS 6.3
CVE-2025-4932 HIGH
Online Lawyer Management System 1.0 - SQL Injection via Email Parameter in Lawyer Registration
CVSS 7.3
CVE-2025-4931 HIGH
Online Lawyer Management System 1.0 - SQL Injection via Email Parameter in User Registration
CVSS 7.3
CVE-2025-4930 HIGH
Campcodes Online Shopping Portal 1.0 - SQL Injection via billingaddress Parameter
CVSS 7.3
CVE-2025-4929 HIGH
Campcodes Online Shopping Portal 1.0 - SQL Injection via Name Parameter in /my-account.php
CVSS 7.3
CVE-2025-4928 HIGH
Online Lawyer Management System 1.0 - SQL Injection via save_lawyer_edit_profile.php
CVSS 7.3
CVE-2025-4927 HIGH
PHPGurukul Online Marriage Registration System 1.0 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-4925 HIGH
PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via fromdate/todate Parameters
CVSS 7.3
CVE-2025-4924 HIGH
SourceCodester Client Database Management System 1.0 - SQL Injection via order_id Parameter
CVSS 7.3
CVE-2025-4917 HIGH
PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via drivername Parameter
CVSS 7.3
CVE-2025-4916 HIGH
PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Admin Profile Mobile Number Parameter
CVSS 7.3
CVE-2025-4915 HIGH
PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Price Parameter
CVSS 7.3
Details
Vulnerabilities 4,808
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits