CWE-74
High likelihood
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,795 vulnerabilities with CWE-74
CVE-2025-13236
MEDIUM
itsourcecode Inventory Management System 1.0 - SQL Injection via ID Parameter in Edit Product
CVSS 6.3
CVE-2025-13235
HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via user_email Parameter
CVSS 7.3
CVE-2025-13234
MEDIUM
itsourcecode Inventory Management System 1.0 - SQL Injection via PROID Parameter
CVSS 6.3
CVE-2025-13233
HIGH
itsourcecode Inventory Management System 1.0 - SQL Injection via ID Parameter in /index.php?q=single-item
CVSS 7.3
CVE-2025-13210
MEDIUM
itsourcecode Inventory Management System 1.0 - SQL Injection via PROMODEL Parameter
CVSS 4.7
CVE-2025-13208
MEDIUM
FantasticLBP Hotels Server <67b44df162fab26df209bd5d5d542875fcbec1d...
CVSS 6.3
CVE-2025-13203
HIGH
Simple Cafe Ordering System 1.0 - SQL Injection via studentnum Parameter
CVSS 7.3
CVE-2025-13201
HIGH
Simple Cafe Ordering System 1.0 - SQL Injection via Username Parameter in /login.php
CVSS 7.3
CVE-2025-13180
LOW
Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System < 20250320 - Cross-Site Scripting
CVSS 3.5
CVE-2025-13178
LOW
Bdtask SalesERP < 2025-10-24 - Cross-Site Scripting via User Profile Handler
CVSS 3.5
CVE-2025-13172
MEDIUM
CodeAstro Gym Management System 1.0 - SQL Injection via ID Parameter in /admin/view-member-report.php
CVSS 6.3
CVE-2025-13171
MEDIUM
ZZCMS 2023 - SQL Injection via /admin/wangkan_list.php keyword Parameter
CVSS 6.3
CVE-2025-13170
HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via admin/edit_account.php admin_id Parameter
CVSS 7.3
CVE-2025-13169
HIGH
Simple Online Hotel Reservation System 1.0 - SQL Injection via room_id Parameter
CVSS 7.3
CVE-2025-13168
MEDIUM
ury < 0.2.1 - SQL Injection via overrided_past_order_list search_term Parameter
CVSS 6.3
CVE-2025-13123
MEDIUM
Amttgroup Hibos - Injection
CVSS 6.3
CVE-2025-13122
HIGH
Patients Waiting Area Queue Management System 1.0 - SQL Injection via appointmentID Parameter
CVSS 7.3
CVE-2025-13121
HIGH
cameasy Liketea 1.0.0 - SQL Injection via StoreController API Endpoint
CVSS 7.3
CVE-2025-64741
HIGH
Zoom Meeting SDK and Workplace < 6.5.10 - Unauthenticated Privilege Escalation via Network Access
CVSS 8.1
CVE-2025-13076
MEDIUM
Responsive Hotel Site 1.0 - SQL Injection via usname Parameter in usersetting.php
CVSS 4.7
CVE-2025-13075
MEDIUM
Responsive Hotel Site 1.0 - SQL Injection via eid Parameter in usersettingdel.php
CVSS 4.7
CVE-2025-13060
HIGH
SourceCodester Survey Application System 1.0 - SQL Injection via view_survey.php ID Parameter
CVSS 7.3
CVE-2025-13059
MEDIUM
SourceCodester Alumni Management System 1.0 - SQL Injection via manage_career.php ID Parameter
CVSS 6.3
CVE-2025-64099
HIGH
OpenAM < 16.0.0 - Claim Injection via OIDC Claims Parameter
CVE-2025-13057
MEDIUM
Campcodes School Fees Payment Management System 1.0 - SQL Injection via ID Parameter in save_student Action
CVSS 6.3
Details
Vulnerabilities: 4,795
Exploit Likelihood: High