CWE-74
High likelihoodImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,795 vulnerabilities with CWE-74
CVE-2025-13347
MEDIUM
SourceCodester Train Station Ticketing System 1.0 - SQL Injection via Username Parameter in /ajax.php
CVSS 6.3
CVE-2025-13346
MEDIUM
SourceCodester Train Station Ticketing System 1.0 - SQL Injection via /ajax.php id/station Parameter
CVSS 6.3
CVE-2025-13345
MEDIUM
SourceCodester Train Station Ticketing System 1.0 - SQL Injection via /ajax.php?action=save_ticket
CVSS 6.3
CVE-2025-13344
HIGH
SourceCodester Train Station Ticketing System 1.0 - SQL Injection via Username Parameter in /ajax.php
CVSS 7.3
CVE-2025-13325
MEDIUM
Student Information System 1.0 - SQL Injection via en_id Parameter in enrollment_edit1.php
CVSS 6.3
CVE-2025-13323
HIGH
Simple Pizza Ordering System 1.0 - SQL Injection via ID Parameter in listorder.php
CVSS 7.3
CVE-2025-13306
MEDIUM
D-Link DWR-M920, DWR-M921, DIR-822K, and DIR-825M - OS Command Injection via host Parameter
CVSS 6.3
CVE-2025-13303
MEDIUM
Courier Management System 1.0 - SQL Injection via Consignment Parameter in /search-edit.php
CVSS 6.3
CVE-2025-13302
MEDIUM
Courier Management System 1.0 - SQL Injection via ManagerName Parameter in add-new-officer.php
CVSS 4.7
CVE-2025-13301
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection via /subject/controller.php
CVSS 7.3
CVE-2025-13300
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection in /settings/controller.php
CVSS 7.3
CVE-2025-13299
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection in /user/controller.php
CVSS 7.3
CVE-2025-13298
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection via Enrollment Controller
CVSS 7.3
CVE-2025-13297
HIGH
Web-Based Internet Laboratory Management System 1.0 - SQL Injection in /course/controller.php
CVSS 7.3
CVE-2025-13291
HIGH
Campcodes Supplier Management System 1.0 - SQL Injection via ID Parameter in confirm_order.php
CVSS 7.3
CVE-2025-13290
MEDIUM
Simple Food Ordering System 1.0 - SQL Injection via /saveorder.php ID Parameter
CVSS 6.3
CVE-2025-13289
MEDIUM
Design & Development of Student Database Management System 1.0 - SQL Injection via SubCode Parameter
CVSS 6.3
CVE-2025-13287
MEDIUM
Online Voting System 1.0 - SQL Injection via id/category Parameter
CVSS 6.3
CVE-2025-13286
MEDIUM
Online Voting System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 6.3
CVE-2025-13285
HIGH
Online Voting System 1.0 - SQL Injection via Username Parameter in login.php
CVSS 7.3
CVE-2025-13280
HIGH
CodeAstro Simple Inventory System 1.0 - SQL Injection via Username Parameter in Login
CVSS 7.3
CVE-2025-13279
MEDIUM
Nero Social Networking Site 1.0 - SQL Injection via Profilefriends.php ID Parameter
CVSS 6.3
CVE-2025-13278
MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via Date Range Parameters
CVSS 6.3
CVE-2025-13277
HIGH
Nero Social Networking Site 1.0 - SQL Injection via /friendsphoto.php ID Parameter
CVSS 7.3
CVE-2025-13276
HIGH
g33kyrash Online-Banking-System - SQL Injection
CVSS 7.3
Details
Vulnerabilities
4,795
Exploit Likelihood
High