Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2025-4914 HIGH

PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Forgot Password Email Parameter

CVE-2025-4913 HIGH

PHPGurukul Auto Taxi Stand Management System 1.0 - SQL Injection via Username Parameter

CVE-2025-4911 HIGH

PHPGurukul Zoo Management System 2.1 - SQL Injection via viewid Parameter

CVE-2025-4910 HIGH

PHPGurukul Zoo Management System 2.1 - SQL Injection via aname Parameter

CVE-2025-4908 HIGH

PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via fromdate/todate Parameters

CVE-2025-4907 HIGH

PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via Forgot Password Email Parameter

CVE-2025-4906 HIGH

PHPGurukul Notice Board System 1.0 - SQL Injection via Username Parameter in Login

CVE-2025-4900 HIGH

Campcodes Sales and Inventory System 1.0 - SQL Injection via Payment Page cid Parameter

CVE-2025-4899 HIGH

Campcodes Sales and Inventory System 1.0 - SQL Injection via Transaction Update ID Parameter

CVE-2025-4895 HIGH

SourceCodester Doctors Appointment System 1.0 - SQL Injection via ID Parameter in Delete Session

CVE-2025-4886 HIGH

Sales and Inventory System 1.0 - SQL Injection via serial Parameter in product_update.php

CVE-2025-4885 HIGH

Sales and Inventory System 1.0 - SQL Injection via Product Add Serial Parameter

CVE-2025-4884 HIGH

itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/assign_save.php Team Argument

CVE-2025-4882 HIGH

itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/team_update.php team Parameter

CVE-2025-4881 HIGH

itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/user_save.php Username Parameter

CVE-2025-4880 HIGH

PHPGurukul News Portal 4.1 - SQL Injection via pagetitle Parameter in /admin/aboutus.php

CVE-2025-4875 HIGH

Campcodes Online Shopping Portal 1.0 - SQL Injection via Forgot Password Email Parameter

CVE-2025-4874 HIGH

PHPGurukul News Portal Project 4.1 - SQL Injection via Contactus Page Title Parameter

CVE-2025-4873 HIGH

PHPGurukul News Portal 4.1 - SQL Injection via Username Parameter in Login

CVE-2025-4870 HIGH

itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/menu_save.php Menu Parameter

CVE-2025-4869 HIGH

itsourcecode Restaurant Management System 1.0 - SQL Injection via menu Parameter in member_update.php

CVE-2025-4866 MEDIUM

weibocom rill-flow 0.1.18 - Remote Code Injection in Management Console

CVE-2025-4865 HIGH

Restaurant Management System 1.0 - SQL Injection via last Parameter

CVE-2025-4864 HIGH

itsourcecode Restaurant Management System 1.0 - SQL Injection via /admin/finished.php ID Parameter

CVE-2025-4863 MEDIUM

Advaya Softech GEMS ERP Portal 2.1 - SQL Injection via userId Parameter

Previous Page 112 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy