Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74

CVE-2024-12898 MEDIUM

1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via faculty_course_id Parameter

CVE-2024-12895 MEDIUM

TreasureHuntGame TreasureHunt < 2024-05-04 - SQL Injection via console_log Function

CVE-2024-12894 MEDIUM

TreasureHuntGame TreasureHunt < 2024-05-04 - SQL Injection via usuario Parameter

CVE-2024-12891 MEDIUM

Online Exam Mastering System 1.0 - SQL Injection via eid Parameter in account.php

CVE-2024-12890 MEDIUM

Online Exam Mastering System 1.0 - SQL Injection via eid Parameter in update.php

CVE-2024-12884 HIGH

Codezips E-Commerce Website 1.0 - SQL Injection via Login Email Parameter

CVE-2024-12794 MEDIUM

Codezips E-Commerce Site 1.0 - SQL Injection via dstatus/quantity/ddate Parameters

CVE-2024-12792 HIGH

Codezips E-Commerce Site 1.0 - SQL Injection via newadmin.php Email Parameter

CVE-2024-12791 HIGH

Codezips E-Commerce Site 1.0 - SQL Injection via Email Parameter in signin.php

CVE-2024-12789 MEDIUM

PbootCMS < 3.2.4 - Remote Code Execution via Tag Parameter in IndexController

CVE-2024-12788 HIGH

Codezips Technical Discussion Forum 1.0 - SQL Injection via signinpost.php Username Parameter

CVE-2024-12787 HIGH

1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via student_emailid Parameter

CVE-2024-12785 MEDIUM

Vehicle Management System 1.0 - SQL Injection via sendmail.php id Parameter

CVE-2024-12784 MEDIUM

itsourcecode Vehicle Management System 1.0 - SQL Injection via editbill.php id Parameter

CVE-2024-12497 HIGH

1000 Projects Attendance Tracking Management System 1.0 - SQL Injection via admin_user_name Parameter

CVE-2024-12492 MEDIUM

code-projects Farmacia 1.0 - SQL Injection via /visualizar-usuario.php id Parameter

CVE-2024-12490 MEDIUM

Online Class and Exam Scheduling System 1.0 - SQL Injection via Teacher Save Page

CVE-2024-12489 MEDIUM

Online Class and Exam Scheduling System 1.0 - SQL Injection via term.php id Parameter

CVE-2024-12488 MEDIUM

Online Class and Exam Scheduling System 1.0 - SQL Injection via subject_update.php id Parameter

CVE-2024-12487 MEDIUM

Online Class and Exam Scheduling System 1.0 - SQL Injection via /pages/room_update.php id Parameter

CVE-2024-12486 MEDIUM

Online Class and Exam Scheduling System 1.0 - SQL Injection via rank_update.php id Parameter

CVE-2024-12485 MEDIUM

Online Class and Exam Scheduling System 1.0 - SQL Injection via Department ID Parameter

CVE-2024-12484 HIGH

Codezips Technical Discussion Forum 1.0 - SQL Injection via Username Parameter in signuppost.php

CVE-2024-12481 MEDIUM

cjbi wetech-cms 1.0/1.1/1.2 - SQL Injection via UserDao.findUser

CVE-2024-12480 MEDIUM

cjbi wetech-cms 1.0/1.1/1.2 - SQL Injection via TopicDao searchTopic Function

Previous Page 146 of 193 Next

Details

Vulnerabilities 4,808

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy