CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2025-15133 MEDIUM
ZSPACE Z4Pro+ 1.0.0440024 - OS Command Injection via zfilev2_api_CloseSafe Function
CVSS 6.3
CVE-2025-15132 MEDIUM
ZSPACE Z4Pro+ < 1.0.0440024 - Remote Command Injection via zfilev2_api_open Function
CVSS 6.3
CVE-2025-15131 MEDIUM
ZSPACE Z4Pro+ < 1.0.0440024 - OS Command Injection via zfilev2_api_SafeStatus
CVSS 6.3
CVE-2025-15130 MEDIUM
shanyu SyCms <a242ef2d194e8bb249dc175e7c49f2c1673ec921 - Code Injec...
CVSS 4.7
CVE-2025-15129 MEDIUM
ChenJinchuang Lin-CMS-TP5 <0.3.3 - Code Injection
CVSS 6.3
CVE-2025-15127 HIGH
FantasticLBP Hotels_Server - SQL Injection
CVSS 7.3
CVE-2025-15088 MEDIUM
ketr JEPaaS <= 7.2.8 - SQL Injection via postilService.loadPostils keyWord Parameter
CVSS 6.3
CVE-2025-15081 MEDIUM
JD Cloud BE6500 4.4.1.r4308 - Command Injection
CVSS 6.3
CVE-2025-15078 HIGH
Student Management System 1.0 - SQL Injection via sy Parameter in list_report.php
CVSS 7.3
CVE-2025-15077 HIGH
itsourcecode Student Management System 1.0 - SQL Injection via form137.php ID Parameter
CVSS 7.3
CVE-2025-15075 HIGH
itsourcecode Student Management System 1.0 - SQL Injection via student_p.php ID Parameter
CVSS 7.3
CVE-2025-15074 HIGH
Online Frozen Foods Ordering System 1.0 - SQL Injection via /customer_details.php
CVSS 7.3
CVE-2025-15073 HIGH
Online Frozen Foods Ordering System 1.0 - SQL Injection via Contact Us Name Parameter
CVSS 7.3
CVE-2025-15053 HIGH
Student Information System 1.0 - SQL Injection via Searchbox Parameter
CVSS 7.3
CVE-2025-15049 HIGH
Online Farm System 1.0 - SQL Injection via Username Parameter in addProduct.php
CVSS 7.3
CVE-2025-15048 HIGH
Tenda WH450 1.0.0.18 - OS Command Injection via CheckTools ipaddress Parameter
CVSS 7.3
CVE-2025-15034 HIGH
itsourcecode Student Management System 1.0 - SQL Injection via /record.php ID Parameter
CVSS 7.3
CVE-2025-15014 MEDIUM
loganSite <c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426 - SQL Injection
CVSS 6.3
CVE-2025-15012 HIGH
Refugee Food Management System 1.0 - SQL Injection via 'a' Parameter in /home/home.php
CVSS 7.3
CVE-2025-15011 HIGH
Simple Stock System 1.0 - SQL Injection via uname Parameter in logout.php
CVSS 7.3
CVE-2025-15004 MEDIUM
dedecms < 5.7.118 - SQL Injection via freelist_main.php orderby Parameter
CVSS 6.3
CVE-2025-15003 MEDIUM
SeaCMS < 13.3 - SQL Injection via admin_video.php e_id Parameter
CVSS 4.7
CVE-2025-15002 HIGH
SeaCMS < 13.3 - SQL Injection via Page/Limit Parameter
CVSS 7.3
CVE-2025-14990 HIGH
Complete Online Beauty Parlor Management System 1.0 - SQL Injection via viewid Parameter
CVSS 7.3
CVE-2025-14989 HIGH
Campcodes Complete Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/search-invoices.php
CVSS 7.3