CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2025-1858 HIGH
Codezips Online Shopping Website 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1857 HIGH
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1856 HIGH
Codezips Gym Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1855 MEDIUM
PHPGurukul Online Shopping Portal 2.1 - SQL Injection
CVSS 6.3
CVE-2025-1854 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-1850 HIGH
Codezips College Management System 1.0 - SQL Injection
CVSS 7.3
CVE-2025-1845 MEDIUM
ESAFENET DSM 3.1.2 - Command Injection
CVSS 6.3
CVE-2025-1844 MEDIUM
ESAFENET CDG 5.6.3.154.205_20250114 - SQL Injection
CVSS 6.3
CVE-2025-1843 MEDIUM
Mini-Tmall <20250211 - SQL Injection
CVSS 6.3
CVE-2025-1841 HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-1840 HIGH
ESAFENET CDG 5.6.3.154.205 - SQL Injection
CVSS 7.3
CVE-2025-1836 MEDIUM
Incorta 2023.4.3 - CSV Injection via Edit Insight Handler Service Name Argument
CVSS 4.3
CVE-2025-1832 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via roleid Parameter in getUserList Function
CVSS 6.3
CVE-2025-1831 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via GetDBUser Function
CVSS 6.3
CVE-2025-1821 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via getUserOrgForUserId Function
CVSS 6.3
CVE-2025-1820 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via tableId Argument in getOaWid Function
CVSS 6.3
CVE-2025-1812 MEDIUM
zframeworks zz < 2024-8 - SQL Injection via GetUserOrg Function
CVSS 6.3
CVE-2025-1811 HIGH
AT Software Solutions ATSVD <3.4.1 - SQL Injection
CVSS 7.3
CVE-2025-1809 HIGH
Pixsoft Sol <7.6.6c - SQL Injection
CVSS 7.3
CVE-2025-1808 HIGH
Pixsoft E-Saphira 1.7.24 - SQL Injection
CVSS 7.3
CVE-2025-1807 LOW
Eastnets PaymentSafe <2.5.26.0 - XSS
CVSS 3.5
CVE-2025-1800 MEDIUM
D-Link DAR-7000 3.2 - Command Injection
CVSS 6.3
CVE-2025-1797 MEDIUM
Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Managemen...
CVSS 6.3
CVE-2025-25477 HIGH
SysPass 3.2.0-3.2.10 - Host Header Injection
CVSS 8.1
CVE-2025-1691 HIGH
mongodb/mongosh < 2.3.9 - Control Character Injection via Autocomplete Feature
CVSS 7.6
Details
Vulnerabilities 4,808
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits