Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2025-4861 HIGH

PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Admin Profile Contact Number Parameter

CVE-2025-4851 MEDIUM

TOTOLINK N300RH 6.1c.1390_B20191101 - OS Command Injection via FileName Parameter in setUploadUserData

CVE-2025-4850 MEDIUM

TOTOLINK N300RH 6.1c.1390_B20191101 - OS Command Injection via plugin_name Parameter

CVE-2025-4849 MEDIUM

TOTOLINK N300RH 6.1c.1390_B20191101 - OS Command Injection via CloudACMunualUpdateUserdata URL Parameter

CVE-2025-4837 HIGH

projectworlds Student Project Allocation System 1.0 - SQL Injection via mem1/mem2/mem3 Parameters

CVE-2025-4836 HIGH

Projectworlds Life Insurance Management System 1.0 - SQL Injection via /deleteAgent.php agent_id Parameter

CVE-2025-47948 HIGH

cocotais-bot 1.5.0-test2-hotfix-1.6.2 - Unauthenticated Privilege Escalation via Command Echo Injection

CVE-2025-4818 HIGH

SourceCodester Doctor's Appointment System 1.0 - SQL Injection

CVE-2025-4817 HIGH

Sourcecodester Doctor's Appointment System 1.0 - SQL Injection

CVE-2025-4816 HIGH

SourceCodester Doctor's Appointment System 1.0 - SQL Injection

CVE-2025-4815 HIGH

Campcodes Sales and Inventory System 1.0 - SQL Injection

CVE-2025-4814 HIGH

Campcodes Sales & Inventory System 1.0 - SQL Injection

CVE-2025-4813 HIGH

PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQ...

CVE-2025-4812 HIGH

PHPGurukul Human Metapneumovirus Testing Management System 1.0 - SQ...

CVE-2025-4811 HIGH

CodeAstro Pharmacy Management System 1.0 - SQL Injection

CVE-2025-4808 MEDIUM

PHPGurukul Park Ticketing Management System 2.0 - SQL Injection

CVE-2025-4806 MEDIUM

SourceCodester/oretnom23 Stock Management System 1.0 - SQL Injection

CVE-2025-4795 MEDIUM

schoolcms 2.3.1 - SQL Injection via SaveInfo Function ID Parameter

CVE-2025-4794 HIGH

PHPGurukul Online Course Registration 3.1 - SQL Injection via News Title Parameter

CVE-2025-4793 HIGH

PHPGurukul Online Course Registration 3.1 - SQL Injection via cgpa Parameter

CVE-2025-4787 MEDIUM

SourceCodester Stock Management System 1.0 - SQL Injection via Sales View ID Parameter

CVE-2025-4786 MEDIUM

oretnom23 Stock Management System 1.0 - SQL Injection via /admin/?page=return/view_return ID Parameter

CVE-2025-4785 HIGH

PHPGurukul Daily Expense Tracker System 1.1 - SQL Injection via User Profile Fullname/Contactnumber

CVE-2025-4782 MEDIUM

SourceCodester oretnom23 Stock Management System 1.0 - SQL Injection via ID Parameter

CVE-2025-4781 MEDIUM

Park Ticketing Management System 2.0 - SQL Injection via Forgot Password Email/Contact Parameter

Previous Page 113 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy