CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,795 vulnerabilities with CWE-74
CVE-2025-61773 HIGH
pyload-ng < 0.5.0b3.dev91 - Cross-Site Scripting via Captcha Script Endpoint and Click'N'Load Blueprint
CVSS 8.1
CVE-2025-11558 HIGH
code-projects E-Commerce Website 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-11557 HIGH
projectworlds Gate Pass Management System 1.0 - SQL Injection via fullname Parameter in add-pass.php
CVSS 7.3
CVE-2025-11556 HIGH
Simple Leave Manager 1.0 - SQL Injection via User.php Table Parameter
CVSS 7.3
CVE-2025-11555 HIGH
Campcodes Online Learning Management System 1.0 - SQL Injection via date_start Parameter
CVSS 7.3
CVE-2025-11553 MEDIUM
Courier Management System 1.0 - SQL Injection via Shippername Parameter
CVSS 6.3
CVE-2025-11552 MEDIUM
Online Complaint Site 1.0 - SQL Injection via Category Argument in /admin/category.php
CVSS 6.3
CVE-2025-11551 MEDIUM
Student Result Manager 1.0 - SQL Injection via Roll/Name/GPA Argument
CVSS 6.3
CVE-2025-11530 MEDIUM
Online Complaint Site 1.0 - SQL Injection via state Parameter in /cms/admin/state.php
CVSS 6.3
CVE-2025-11523 MEDIUM
Tenda AC7 15.03.06.44 - OS Command Injection via lanIp Parameter
CVSS 6.3
CVE-2025-11516 MEDIUM
Online Complaint Site 1.0 - SQL Injection via cid Parameter
CVSS 6.3
CVE-2025-11515 MEDIUM
Online Complaint Site 1.0 - SQL Injection via Register Complaint CID Parameter
CVSS 6.3
CVE-2025-11514 MEDIUM
Online Complaint Site 1.0 - SQL Injection via Username Parameter in /cms/users/index.php
CVSS 6.3
CVE-2025-11513 HIGH
E-Commerce Website 1.0 - SQL Injection via supp_id Parameter in supplier_update.php
CVSS 7.3
CVE-2025-11511 MEDIUM
code-projects E-Commerce Website 1.0 - SQL Injection via supp_email Parameter
CVSS 6.3
CVE-2025-11509 MEDIUM
E-Commerce Website 1.0 - SQL Injection via prod_name Parameter
CVSS 6.3
CVE-2025-11507 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/search-invoices.php searchdata Parameter
CVSS 7.3
CVE-2025-11506 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Search Appointment Parameter
CVSS 7.3
CVE-2025-11505 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via /admin/new-appointment.php delid Parameter
CVSS 7.3
CVE-2025-11503 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via delid Parameter in manage-services.php
CVSS 7.3
CVE-2025-11488 HIGH
D-Link DIR-852 <20251002 - Command Injection
CVSS 7.3
CVE-2025-11487 MEDIUM
SourceCodester Farm Management System 1.0 - SQL Injection via /uploadProduct.php Type Parameter
CVSS 6.3
CVE-2025-11486 MEDIUM
SourceCodester Farm Management System 1.0 - SQL Injection via /buyNow.php Name Parameter
CVSS 6.3
CVE-2025-11481 MEDIUM
varunsardana004 Blood-Bank-And-Donation-Management-System < 2021-03-18 - SQL Injection via Fullname Parameter
CVSS 6.3
CVE-2025-11480 HIGH
Simple E-Commerce Bookstore 1.0 - SQL Injection via Register Username Parameter
CVSS 7.3