CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,808 vulnerabilities with CWE-74
CVE-2024-11055 HIGH
1000 Projects Beauty Parlour Management System 1.0 - SQL Injection via adminname Parameter
CVSS 7.3
CVE-2024-11051 MEDIUM
Amttgroup Hibos < 3.0.3.151204 - Injection
CVSS 6.3
CVE-2024-52004 HIGH
MediaCMS < 4.1.0 - Remote Code Execution via Media Upload Input Validation Bypass
CVE-2024-10998 HIGH
Bookstore Management System 1.0 - SQL Injection via cat Parameter in process_category_add.php
CVSS 7.3
CVE-2024-10997 MEDIUM
Bookstore Management System 1.0 - SQL Injection via /book_list.php id Parameter
CVSS 6.3
CVE-2024-10996 HIGH
Bookstore Management System 1.0 - SQL Injection via cat Parameter in process_category_edit.php
CVSS 7.3
CVE-2024-10995 HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via /removeDoctorResult.php Name Parameter
CVSS 7.3
CVE-2024-10991 HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via /editBranchResult.php ID Parameter
CVSS 7.3
CVE-2024-10990 MEDIUM
SourceCodester Online Veterinary Appointment System 1.0 - SQL Injection via view_service.php id Parameter
CVSS 6.3
CVE-2024-10989 MEDIUM
E-Health Care System 1.0 - SQL Injection via s_id Parameter in Admin/detail.php
CVSS 6.3
CVE-2024-10988 HIGH
E-Health Care System 1.0 - SQL Injection via Doctor Login Email Parameter
CVSS 7.3
CVE-2024-10987 MEDIUM
E-Health Care System 1.0 - SQL Injection via schedule/booking Parameters
CVSS 6.3
CVE-2024-10969 HIGH
1000 Projects Bookstore Management System 1.0 - SQL Injection via Login Process
CVSS 7.3
CVE-2024-10968 HIGH
1000projects Bookstore Management System 1.0 - SQL Injection via /contact_process.php fnm Parameter
CVSS 7.3
CVE-2024-10967 HIGH
E-Health Care System 1.0 - SQL Injection via Doctor Appointment Request ID Parameter
CVSS 7.3
CVE-2024-10947 MEDIUM
Guangzhou Tuchuang Interlib Library Cluster Automation Management System <= 2.0.1 - SQL Injection via bookrecno
CVSS 4.7
CVE-2024-10946 MEDIUM
Guangzhou Tuchuang Interlib Library Cluster Automation Management System <= 2.0.1 - SQL Injection via sql Argument
CVSS 4.7
CVE-2024-10928 LOW
monocms < 2024-05-28 - Cross-Site Scripting via filtcategory/filtstatus Parameter in opensaved.php
CVSS 3.5
CVE-2024-10927 LOW
monocms < 2024-05-28 - Cross-Site Scripting via account.php userid Parameter
CVSS 3.5
CVE-2024-50340 HIGH
symfony/runtime 5.3.0-5.4.45, 6.0.0-6.4.13, 7.0.0-7.1.6 - Environment Manipulation via Crafted Query String
CVSS 7.3
CVE-2024-10926 LOW
IBPhoenix ibWebAdmin <= 1.0.2 - Cross-Site Scripting via toggle_fold_panel.php p Parameter
CVSS 3.5
CVE-2024-10919 MEDIUM
didi Super-Jacoco 1.0 - OS Command Injection via UUID Parameter
CVSS 6.3
CVE-2024-10915 HIGH
D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - OS Command Injection via group Parameter
CVSS 8.1
CVE-2024-10914 HIGH
D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - OS Command Injection via cgi_user_add name Parameter
CVSS 8.1
CVE-2024-10845 HIGH
Bookstore Management System 1.0 - SQL Injection via book_detail.php id Parameter
CVSS 7.3