CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2025-3206 MEDIUM
code-projects Hospital Management System 1.0 - SQL Injection via doctorspecilization Parameter
CVSS 6.3
CVE-2025-3205 MEDIUM
CodeAstro Student Grading System 1.0 - SQL Injection via studentId Parameter
CVSS 6.3
CVE-2025-3204 MEDIUM
CodeAstro Car Rental System 1.0 - SQL Injection via /returncar.php ID Parameter
CVSS 6.3
CVE-2025-3195 HIGH
Online Blood Bank Management System 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-3188 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Category Parameter in add-notes.php
CVSS 7.3
CVE-2025-3187 HIGH
PHPGurukul e-Diary Management System 1.0 - SQL Injection via Login Detail Parameter
CVSS 7.3
CVE-2025-3186 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via appid Parameter in invoice.php
CVSS 7.3
CVE-2025-3185 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3184 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3183 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via patientFirstName Parameter
CVSS 7.3
CVE-2025-3182 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /patient/getschedule.php q Parameter
CVSS 7.3
CVE-2025-3181 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via scheduleDate Parameter
CVSS 7.3
CVE-2025-3180 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /doctor/deleteschedule.php ID Parameter
CVSS 7.3
CVE-2025-3179 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via /doctor/deletepatient.php ic Parameter
CVSS 7.3
CVE-2025-3178 HIGH
projectworlds Online Doctor Appointment Booking System 1.0 - SQL Injection via ID Parameter in deleteappointment.php
CVSS 7.3
CVE-2025-3176 HIGH
Online Lawyer Management System 1.0 - SQL Injection via u_id Parameter
CVSS 7.3
CVE-2025-3175 HIGH
Online Lawyer Management System 1.0 - SQL Injection via first_Name Parameter
CVSS 7.3
CVE-2025-3174 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via searchLawyer.php Experience Parameter
CVSS 7.3
CVE-2025-3173 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via save_booking.php lawyer_id/description Parameter
CVSS 7.3
CVE-2025-3172 HIGH
Online Lawyer Management System 1.0 - SQL Injection via unblock_id Parameter
CVSS 7.3
CVE-2025-3171 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via unblock_id Parameter
CVSS 7.3
CVE-2025-3170 HIGH
Project Worlds Online Lawyer Management System 1.0 - SQL Injection via block_id/unblock_id Parameter
CVSS 7.3
CVE-2025-3168 HIGH
PHPGurukul Time Table Generator System 1.0 - SQL Injection via editid Parameter
CVSS 7.3
CVE-2025-3164 MEDIUM
Tencent Music Entertainment SuperSonic <= 0.9.8 - Remote Code Execution via H2 Database Connection Handler
CVSS 4.7
CVE-2025-3163 MEDIUM
InternLM LMDeploy <= 0.7.1 - Code Injection in Open Function
CVSS 5.3