CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2025-13274 MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 6.3
CVE-2025-13273 MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 6.3
CVE-2025-13272 HIGH
Campcodes School Fees Payment Management System 1.0 - SQL Injection via /manage_course.php ID Parameter
CVSS 7.3
CVE-2025-13271 HIGH
Campcodes School Fees Payment Management System 1.0 - SQL Injection via Username Parameter in Login Action
CVSS 7.3
CVE-2025-13270 MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via ID Parameter in save_course Action
CVSS 6.3
CVE-2025-13269 MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via ID Parameter in /ajax.php
CVSS 6.3
CVE-2025-13268 MEDIUM
Dromara dataCompare <1.0.1 - SQL Injection
CVSS 6.3
CVE-2025-13267 MEDIUM
Dental Clinic Appointment Reservation System 1.0 - SQL Injection via Username/Password Parameter
CVSS 6.3
CVE-2025-13264 MEDIUM
SourceCodester Online Magazine Management System 1.0 - SQL Injection via /view_magazine.php ID Parameter
CVSS 6.3
CVE-2025-13263 MEDIUM
SourceCodester Online Magazine Management System 1.0 - SQL Injection via categories.php c Parameter
CVSS 6.3
CVE-2025-13260 MEDIUM
Campcodes Supplier Management System 1.0 - SQL Injection via cmbProductUnit Parameter
CVSS 6.3
CVE-2025-13259 MEDIUM
Campcodes Supplier Management System 1.0 - SQL Injection via ID Parameter in edit_unit.php
CVSS 6.3
CVE-2025-13257 HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via ID Parameter in Edit User Page
CVSS 7.3
CVE-2025-13256 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via borrow.php roll_number Parameter
CVSS 6.3
CVE-2025-13255 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via book_search.php book_pub/book_title Parameter
CVSS 6.3
CVE-2025-13254 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via Roll Number Parameter
CVSS 6.3
CVE-2025-13253 MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via Username Parameter in /add_librarian.php
CVSS 6.3
CVE-2025-13251 MEDIUM
datax-web < 2.1.2 - SQL Injection
CVSS 6.3
CVE-2025-13248 HIGH
Patients Waiting Area Queue Management System 1.0 - SQL Injection via appointmentID Parameter
CVSS 7.3
CVE-2025-13247 HIGH
PHPGurukul Tourism Management System 1.0 - SQL Injection via /admin/user-bookings.php uid Parameter
CVSS 7.3
CVE-2025-13243 MEDIUM
code-projects Student Information System 2.0 - SQL Injection via /editprofile.php
CVSS 6.3
CVE-2025-13242 HIGH
Student Information System 2.0 - SQL Injection via /register.php
CVSS 7.3
CVE-2025-13241 HIGH
code-projects Student Information System 2.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-13240 HIGH
Student Information System 2.0 - SQL Injection via searchquery.php s Parameter
CVSS 7.3
CVE-2025-13237 HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via U_USERNAME Parameter
CVSS 7.3