CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2024-11257 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via Forgot Password Email Parameter
CVSS 7.3
CVE-2024-11256 HIGH
1000 Projects Portfolio Management System MCA 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2024-11251 MEDIUM
Jeewms < 2024-11-08 - SQL Injection via cgReportController.do begin_date Parameter
CVSS 6.3
CVE-2024-11250 MEDIUM
code-projects Inventory Management <= 1.0 - SQL Injection via /model/editProduct.php id Parameter
CVSS 6.3
CVE-2024-11245 MEDIUM
code-projects Farmacia 1.0 - SQL Injection via /editar-produto.php id Parameter
CVSS 6.3
CVE-2024-11244 MEDIUM
code-projects Farmacia 1.0 - SQL Injection via /editar-cliente.php id Parameter
CVSS 6.3
CVE-2024-11242 MEDIUM
ZZCMS 2023 - SQL Injection via Keyword Filtering in /admin/ad_list.php
CVSS 4.7
CVE-2024-11241 HIGH
Job Recruitment 1.0 - SQL Injection via reset.php e Parameter
CVSS 7.3
CVE-2024-11213 MEDIUM
Best Employee Management System 1.0 - SQL Injection via /admin/edit_role.php id Parameter
CVSS 4.7
CVE-2024-11212 MEDIUM
Best Employee Management System 1.0 - SQL Injection via Barcode Parameter
CVSS 6.3
CVE-2024-11127 MEDIUM
Job Recruitment <= 1.0 - SQL Injection via admin.php userid Parameter
CVSS 6.3
CVE-2024-11124 MEDIUM
TimGeyssens UIOMatic 5 - SQL Injection in uioMaticObject.r
CVSS 4.7
CVE-2024-50572 HIGH
Siemens SCALANCE and RUGGEDCOM Devices < V8.2 - Authenticated Remote Code Execution via Input Field Injection
CVSS 7.2
CVE-2024-11121 MEDIUM
Lingdang CRM < 8.6.4.3 - SQL Injection via userid Parameter
CVSS 6.3
CVE-2024-11101 MEDIUM
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via Searchdata Parameter
CVSS 4.7
CVE-2024-11100 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via /index.php name Parameter
CVSS 7.3
CVE-2024-11099 HIGH
Job Recruitment 1.0 - SQL Injection via Email Parameter in Login
CVSS 7.3
CVE-2024-11096 MEDIUM
code-projects Task Manager 1.0 - SQL Injection via projectName Parameter
CVSS 6.3
CVE-2024-11077 HIGH
Job Recruitment 1.0 - SQL Injection via Email Parameter
CVSS 7.3
CVE-2024-11076 MEDIUM
Job Recruitment 1.0 - SQL Injection via e_hash Parameter in /activation.php
CVSS 6.3
CVE-2024-11074 MEDIUM
Tailoring Management System 1.0 - SQL Injection via inccat Parameter
CVSS 6.3
CVE-2024-11060 MEDIUM
Jinher Network Collaborative Management Platform 1.0 - SQL Injection
CVSS 6.3
CVE-2024-11059 MEDIUM
Project Worlds Free Download Online Shopping System - SQL Injection via success.php id Parameter
CVSS 6.3
CVE-2024-11058 MEDIUM
CodeAstro Real Estate Management System <= 1.0 - SQL Injection via About Us Page id Parameter
CVSS 4.7
CVE-2024-11057 HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via /removeBranchResult.php ID/Name Parameter
CVSS 7.3