CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2025-2647 HIGH
PHPGurukul Art Gallery Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2646 HIGH
PHPGurukul Art Gallery Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2644 HIGH
PHPGurukul Art Gallery Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2643 HIGH
PHPGurukul Art Gallery Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2642 HIGH
PHPGurukul Art Gallery Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2641 HIGH
PHPGurukul Art Gallery Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2640 HIGH
PHPGurukul Doctor Appointment Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2628 MEDIUM
PHPGurukul Art Gallery Management System 1.1 - SQL Injection
CVSS 6.3
CVE-2025-2627 MEDIUM
PHPGurukul Art Gallery Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2626 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via edit_case.php ID Parameter
CVSS 6.3
CVE-2025-2625 MEDIUM
westboy CicadasCMS 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2624 MEDIUM
westboy CicadasCMS 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2608 MEDIUM
PHPGurukul Banquet Booking System 1.2 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-2604 MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via edit_act.php ID Parameter
CVSS 6.3
CVE-2025-2603 MEDIUM
Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate.php ID Parameter
CVSS 6.3
CVE-2025-2602 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via deactivate_reg.php ID Parameter
CVSS 6.3
CVE-2025-2601 MEDIUM
SourceCodester Kortex Lite Advocate Office Management System 1.0 - SQL Injection via activate_reg.php ID Parameter
CVSS 6.3
CVE-2025-2593 MEDIUM
FastCMS <= 0.1.5 - SQL Injection via /api/client/article/list orderBy Parameter
CVSS 6.3
CVE-2025-2587 MEDIUM
Jinher OA C6 1.0 - SQL Injection via IncentivePlanFulfillAppprove.aspx httpOID Parameter
CVSS 6.3
CVE-2025-27787 HIGH
Applio < 3.2.8-bugfix - Path Traversal and Denial of Service via Model Name Parameter
CVSS 7.5
CVE-2025-2473 HIGH
PHPGurukul Company Visitor Management System 2.0 - SQL Injection
CVSS 7.3
CVE-2025-2472 HIGH
PHPGurukul Apartment Visitors Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-2471 MEDIUM
PHPGurukul Boat Booking System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2419 MEDIUM
Real Estate Property Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-2393 MEDIUM
Online Class and Exam Scheduling System 1.0 - SQL Injection via id Parameter
CVSS 4.7
Details
Vulnerabilities: 4,808
Exploit Likelihood: High