Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2025-3151 HIGH

Gym Management System 1.0 - SQL Injection via user_name Parameter in signup.php

CVE-2025-3147 HIGH

PHPGurukul Boat Booking System 1.0 - SQL Injection via sadminusername Parameter

CVE-2025-3146 HIGH

PHPGurukul Bus Pass Management System 1.0 - SQL Injection via viewid Parameter

CVE-2025-3143 MEDIUM

SourceCodester Apartment Visitor Management System 1.0 - SQL Injection via visname/address Parameters

CVE-2025-3142 MEDIUM

Apartment Visitor Management System 1.0 - SQL Injection via Building Number Parameter

CVE-2025-3141 MEDIUM

SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via manage_category.php ID Parameter

CVE-2025-3140 MEDIUM

SourceCodester Online Medicine Ordering System 1.0 - SQL Injection via /view_category.php ID Parameter

CVE-2025-3138 HIGH

PHPGurukul Online Security Guards Hiring System 1.0 - SQL Injection via editid Parameter

CVE-2025-3137 HIGH

PHPGurukul Online Security Guards Hiring System 1.0 - SQL Injection via editid Parameter

CVE-2025-3135 MEDIUM

fcba_zzm Smart Park Management System 2.1 - SQL Injection via /api/system/dept/update

CVE-2025-3134 MEDIUM

Payroll Management System 1.0 - SQL Injection via /add_overtime.php Rate Parameter

CVE-2025-3120 MEDIUM

Apartment Visitors Management System 1.0 - SQL Injection via apartmentno Parameter

CVE-2025-3119 MEDIUM

SourceCodester Online Tutor Portal 1.0 - SQL Injection via ID Parameter in manage_course.php

CVE-2025-3118 MEDIUM

SourceCodester Online Tutor Portal 1.0 - SQL Injection via ID Parameter in view_course.php

CVE-2025-3045 MEDIUM

oretnom23 Apartment Visitor Management System 1.0 - SQL Injection via /remove-apartment.php ID Parameter

CVE-2025-3039 MEDIUM

Payroll Management System 1.0 - SQL Injection via lname/fname Parameter

CVE-2025-3038 MEDIUM

Payroll Management System 1.0 - SQL Injection via salary_rate Parameter in view_account.php

CVE-2025-3018 MEDIUM

SourceCodester Online Eyewear Shop 1.0 - SQL Injection via Users.php ID Parameter

CVE-2025-3009 MEDIUM

Jinher Network OA C6 - SQL Injection

CVE-2025-3008 MEDIUM

Novastar CX40 <2.44.0 - Command Injection

CVE-2025-3006 HIGH

PHPGurukul e-Diary Management System 1.0 - SQL Injection via Category Parameter in edit-category.php

CVE-2025-3003 MEDIUM

ESAFENET CDG 3 - SQL Injection via Username Parameter in UserAjax

CVE-2025-3026 MEDIUM

EJBCA 8.0-<9.1 - Open Redirect via Host Header Manipulation

CVE-2025-2985 MEDIUM

code-projects Payroll Management System 1.0 - SQL Injection

CVE-2025-2984 MEDIUM

code-projects Payroll Management System 1.0 - SQL Injection

Previous Page 128 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy