CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2025-12237 HIGH
projectworlds Advanced Library Management System 1.0 - SQL Injection via /index.php keywords Parameter
CVSS 7.3
CVE-2025-12226 MEDIUM
Best House Rental Management System 1.0 - SQL Injection via house_no Parameter in save_house Function
CVSS 4.7
CVE-2025-12215 HIGH
projectworlds Online Shopping System 1.0 - SQL Injection via /login_submit.php Keywords Parameter
CVSS 7.3
CVE-2025-12208 HIGH
Best House Rental Management System 1.0 - SQL Injection via Username Parameter in admin_class.php
CVSS 7.3
CVE-2025-62697 HIGH
The Wikimedia Foundation Mediawiki - LanguageSelector Extension <1....
CVE-2025-11944 MEDIUM
vvveb < 1.0.7.3 - SQL Injection via Import Function Raw SQL Handler
CVSS 4.7
CVE-2025-11912 MEDIUM
Streamax Crocus 1.3.40 - SQL Injection via DeviceState.do orderField Parameter
CVSS 6.3
CVE-2025-11911 MEDIUM
Streamax Crocus 1.3.40 - SQL Injection via DeviceFault.do sortField Parameter
CVSS 6.3
CVE-2025-11910 MEDIUM
Streamax Crocus 1.3.40 - SQL Injection via MemoryState.do orderField Parameter
CVSS 6.3
CVE-2025-11909 MEDIUM
Streamax Crocus 1.3.40 - SQL Injection via RepairRecord.do orderField Parameter
CVSS 6.3
CVE-2025-11905 MEDIUM
ChanCMS < 3.3.2 - Remote Code Execution via gather.js getArticle Function
CVSS 6.3
CVE-2025-11904 MEDIUM
ChanCMS < 3.3.2 - SQL Injection via hasUse Function ID Parameter
CVSS 6.3
CVE-2025-11903 MEDIUM
ChanCMS < 3.3.2 - SQL Injection via Article Update CID Parameter
CVSS 6.3
CVE-2025-11902 MEDIUM
ChanCMS < 3.3.2 - SQL Injection via cid Parameter in findField Function
CVSS 6.3
CVE-2025-11736 HIGH
Online Examination System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-11668 MEDIUM
Automated Voting System 1.0 - SQL Injection via Password Parameter in /admin/update_user.php
CVSS 4.7
CVE-2025-11667 MEDIUM
Automated Voting System 1.0 - SQL Injection via firstname Parameter
CVSS 6.3
CVE-2025-11664 MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via Search Appointment Parameter
CVSS 4.7
CVE-2025-11663 MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via /admin/manage-services.php sername Parameter
CVSS 4.7
CVE-2025-11662 HIGH
Best Salon Management System 1.0 - SQL Injection via booking.php serv_id Parameter
CVSS 7.3
CVE-2025-11654 HIGH
yousaf530 Inferno Online Clothing Store - SQL Injection
CVSS 7.3
CVE-2025-11629 MEDIUM
DocSys < 2.02.36 - SQL Injection via getUserList Function
CVSS 6.3
CVE-2025-11628 MEDIUM
jimit105 Project-Online-Shopping-Website <7d892f442bd8a96dd242dbe2b...
CVSS 4.7
CVE-2025-11615 HIGH
Best Salon Management System 1.0 - SQL Injection via ServiceId Parameter
CVSS 7.3
CVE-2025-11614 HIGH
Best Salon Management System 1.0 - SQL Injection via editid Parameter in edit-appointment.php
CVSS 7.3