CWE-74
High likelihood
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,797 vulnerabilities with CWE-74
CVE-2025-10958
MEDIUM
Wavlink NU516U1 M16U1_V240425 - OS Command Injection via AddMac Page macAddr Parameter
CVSS 6.3
CVE-2025-10857
HIGH
Campcodes Point of Sale System 1.0 - SQL Injection via Username Parameter in login.php
CVSS 7.3
CVE-2025-10851
HIGH
Campcodes Gym Management System 1.0 - SQL Injection via Username Parameter in /ajax.php
CVSS 7.3
CVE-2025-10848
MEDIUM
Campcodes Society Membership Information System 1.0 - SQL Injection via student_id Parameter in check_student.php
CVSS 6.3
CVE-2025-10846
MEDIUM
Portabilis i-educar < 2.10.0 - SQL Injection via ComponenteCurricular Edit ID Parameter
CVSS 6.3
CVE-2025-10845
MEDIUM
Portabilis i-educar < 2.10.0 - SQL Injection via ComponenteCurricular ID Parameter
CVSS 6.3
CVE-2025-10844
MEDIUM
Portabilis i-Educar < 2.10.0 - SQL Injection via /module/Cadastro/aluno is Argument
CVSS 6.3
CVE-2025-10843
HIGH
Reservation Online Hotel Reservation System 1.0 - SQL Injection via PayPal Payout Confirm Parameter
CVSS 7.3
CVE-2025-10842
HIGH
Online Bidding System 1.0 - SQL Injection via ID Parameter in /administrator/wew.php
CVSS 7.3
CVE-2025-10841
HIGH
Online Bidding System 1.0 - SQL Injection via ID Parameter in /administrator/weweee.php
CVSS 7.3
CVE-2025-10840
MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via print-payment.php sql111 Parameter
CVSS 6.3
CVE-2025-10839
MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via inv-print.php ID Parameter
CVSS 6.3
CVE-2025-10836
HIGH
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via /admin/print1.php ID Parameter
CVSS 7.3
CVE-2025-10835
MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via /admin/view_payorder.php ID Parameter
CVSS 6.3
CVE-2025-10834
HIGH
Open Source Job Portal 1.0 - SQL Injection via User Email Parameter
CVSS 7.3
CVE-2025-10833
HIGH
1000projects Bookstore Management System 1.0 - SQL Injection via /login.php unm Parameter
CVSS 7.3
CVE-2025-10832
HIGH
Pet Grooming Management Software 1.0 - SQL Injection via Barcode Parameter in fetch_product_details.php
CVSS 7.3
CVE-2025-10831
HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via prodcode Parameter
CVSS 7.3
CVE-2025-10830
HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via inv_edit1.php idd Parameter
CVSS 7.3
CVE-2025-10829
HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via /pages/sup_edit1.php ID Parameter
CVSS 7.3
CVE-2025-10828
MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via edit.php ID Parameter
CVSS 6.3
CVE-2025-10826
MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQLi via sales-reports-detail.php
CVSS 6.3
CVE-2025-10825
MEDIUM
Campcodes Online Beauty Parlor Management System 1.0 - SQL Injection via viewid Parameter
CVSS 6.3
CVE-2025-10817
HIGH
Campcodes Online Learning Management System 1.0 - SQL Injection via Firstname Parameter
CVSS 7.3
CVE-2025-10814
MEDIUM
D-Link DIR-823X 240126/240802/250416 - OS Command Injection via Goahead Port Argument
CVSS 6.3