CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2025-4192 HIGH
itsourcecode Restaurant Management System 1.0 - SQL Injection via Category Parameter in /admin/category_save.php
CVSS 7.3
CVE-2025-4191 HIGH
PHPGurukul Employee Record Management System 1.3 - SQL Injection via editmyeducation.php coursepg/yophsc Parameter
CVSS 7.3
CVE-2025-4176 HIGH
PHPGurukul Blood Bank & Donor Management System 2.4 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-4174 HIGH
PHPGurukul COVID19 Testing Management System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-4173 MEDIUM
SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Master.php delete_cart ID Parameter
CVSS 6.3
CVE-2025-4164 HIGH
PHPGurukul Employee Record Management System 1.3 - SQL Injection via changepassword.php currentpassword Parameter
CVSS 7.3
CVE-2025-4163 MEDIUM
PHPGurukul Land Record System 1.0 - SQL Injection via pagetitle Parameter
CVSS 6.3
CVE-2025-4157 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via Status Parameter in Booking Details
CVSS 6.3
CVE-2025-4156 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via /admin/change-image.php ID Parameter
CVSS 6.3
CVE-2025-4155 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection via /admin/edit-boat.php bid Parameter
CVSS 6.3
CVE-2025-4154 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via Status Parameter in /admin/enrollment-details.php
CVSS 6.3
CVE-2025-4153 HIGH
PHPGurukul Park Ticketing Management System 2.0 - SQL Injection via adminname Parameter
CVSS 7.3
CVE-2025-4152 HIGH
PHPGurukul Online Birth Certificate System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3
CVE-2025-4151 HIGH
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3
CVE-2025-4135 MEDIUM
Netgear WG302v2 Firmware < 5.2.9 - Remote Command Injection via ui_get_input_value Host Argument
CVSS 6.3
CVE-2025-4122 MEDIUM
Netgear JWNR2000v2 1.0.0.11 - Command Injection via host Argument in sub_435E04
CVSS 6.3
CVE-2025-4121 MEDIUM
Netgear JWNR2000v2 1.0.0.11 - OS Command Injection via cmd_wireless host Argument
CVSS 6.3
CVE-2025-4113 MEDIUM
PHPGurukul Curfew e-Pass Management System 1.0 - SQL Injection via editid Parameter
CVSS 6.3
CVE-2025-4112 HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via Course-Short Parameter
CVSS 7.3
CVE-2025-4111 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via Status Parameter
CVSS 6.3
CVE-2025-4110 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 6.3
CVE-2025-4109 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 6.3
CVE-2025-4108 HIGH
PHPGurukul Student Record System 3.20 - SQL Injection via sub1 Parameter in add-subject.php
CVSS 7.3
CVE-2025-4080 MEDIUM
PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-4076 MEDIUM
LB-LINK BL-AC3600 <1.0.22 - Command Injection
CVSS 6.3