CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2025-0793 MEDIUM
ESAFENET CDG V5 - SQL Injection via /todoDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0792 MEDIUM
ESAFENET CDG V5 - SQL Injection via /sdTodoDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0791 MEDIUM
ESAFENET CDG V5 - SQL Injection via /sdDoneDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-0789 MEDIUM
ESAFENET CDG V5 - SQL Injection via flowId Parameter in doneDetail.jsp
CVSS 6.3
CVE-2025-0788 MEDIUM
ESAFENET CDG V5 - SQL Injection via /content_top.jsp id Parameter
CVSS 6.3
CVE-2025-0786 MEDIUM
ESAFENET CDG V5 - SQL Injection via /appDetail.jsp flowId Parameter
CVSS 6.3
CVE-2025-24364 HIGH
vaultwarden < 1.33.0 - Authenticated Remote Code Execution via Sendmail Configuration
CVSS 7.2
CVE-2025-0701 MEDIUM
JoeyBling bootplus < 2020-08-24 - SQL Injection via /admin/sys/user/list sort Parameter
CVSS 6.3
CVE-2025-0700 MEDIUM
JoeyBling bootplus < 247d5f6 - SQL Injection via /admin/sys/log/list logId Parameter
CVSS 6.3
CVE-2025-0699 MEDIUM
JoeyBling bootplus - SQL Injection via /admin/sys/role/list Sort Parameter
CVSS 6.3
CVE-2025-0698 MEDIUM
bootplus < 2020-08-24 - SQL Injection via sort/order Parameter
CVSS 6.3
CVE-2025-0697 MEDIUM
Telstra Smart Modem Gen 2 <20250115 - Code Injection
CVSS 5.3
CVE-2025-0579 HIGH
Shiprocket Module 3/4 - SQL Injection
CVSS 7.3
CVE-2025-0565 HIGH
ZZCMS 2023 - SQL Injection via /index.php id Parameter
CVSS 7.3
CVE-2025-0564 HIGH
Fantasy-Cricket 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0563 MEDIUM
Fantasy-Cricket 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0562 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0561 MEDIUM
itsourcecode Farm Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0558 MEDIUM
TDuckCloud tduck-platform <4.0 - SQL Injection
CVSS 6.3
CVE-2025-0541 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0540 MEDIUM
itsourcecode Tailoring Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0536 MEDIUM
1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via attendance_id Parameter
CVSS 6.3
CVE-2025-0535 MEDIUM
Codezips Gym Management System 1.0 - SQL Injection
CVSS 6.3
CVE-2025-0534 HIGH
1000 Projects Campaign Management System Platform 1.0 - SQL Injection
CVSS 7.3
CVE-2025-0533 HIGH
1000 Projects Campaign Management System Platform 1.0 - SQL Injection
CVSS 7.3