Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2025-1641 HIGH

Benner ModernaNet < 1.1.1 - SQL Injection via /AGE0000700/GetHorariosDoDia Endpoint

CVE-2025-1640 HIGH

Benner ModernaNet < 1.1.1 - SQL Injection via JS_CarregaCombo Endpoint

CVE-2025-1611 MEDIUM

ShopXO < 6.4.0 - Remote Code Execution in Template Handler

CVE-2025-1596 HIGH

Best Church Management Software 1.0 - SQL Injection via Email Parameter in fpassword.php

CVE-2025-1583 MEDIUM

PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via searchinput Parameter

CVE-2025-1582 MEDIUM

PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via /admin/all-request.php viewid Parameter

CVE-2025-1581 MEDIUM

PHPGurukul Online Nurse Hiring System 1.0 - SQL Injection via book-nurse.php contactname Parameter

CVE-2025-1580 MEDIUM

PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via searchdata Parameter

CVE-2025-1578 MEDIUM

PHPGurukul Online Shopping Portal 2.1 - SQL Injection via Product Parameter in search-result.php

CVE-2025-1576 MEDIUM

Real Estate Property Management System 1.0 - SQL Injection via StateName Parameter in /ajax_state.php

CVE-2025-1544 MEDIUM

dingfanzu CMS <20250210 - SQL Injection

CVE-2025-1537 MEDIUM

Harpia DiagSystem 12 - SQL Injection

CVE-2025-1535 HIGH

Baiyi Cloud Asset Management System <8.142.100.161 - SQL Injection

CVE-2025-1465 MEDIUM

lmxcms 1.41 - Code Injection in Maintenance Component

CVE-2025-1464 HIGH

Baiyi Cloud Asset Management System <20250204 - SQL Injection

CVE-2025-1448 HIGH

Synway SMG Gateway Management Software <20250204 - Command Injection

CVE-2025-1381 MEDIUM

Real Estate Property Management System 1.0 - SQL Injection via CityName Parameter in /ajax_city.php

CVE-2025-1380 MEDIUM

Codezips Gym Management System 1.0 - SQL Injection via del_plan.php Name Parameter

CVE-2025-1379 MEDIUM

Real Estate Property Management System 1.0 - SQL Injection via CustomerReport.php City Parameter

CVE-2025-1374 MEDIUM

Real Estate Property Management System 1.0 - SQL Injection via StateName/CityName/AreaName/CatId Parameter

CVE-2025-1356 MEDIUM

needyamin Library Card System 1.0 - SQL Injection via card.php id Parameter

CVE-2025-1338 HIGH

NUUO Camera <20250203 - Command Injection

CVE-2025-24904 HIGH

Whisperfish libsignal-service-rs - Plaintext Injection Bypassing E2EE

CVE-2025-1227 MEDIUM

yimioa < 2024-07-04 - SQL Injection in AddressDao.xml selectList Function

CVE-2025-1224 MEDIUM

yimioa < 2024-07-04 - SQL Injection in UserMapper.xml listNameBySql Function

Previous Page 136 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy