Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-74

CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,798 vulnerabilities with CWE-74

CVE-2025-10624 HIGH

PHPGurukul User Management System 1.0 - SQL Injection via Email Parameter in Login

CVE-2025-10623 HIGH

SourceCodester Hotel Reservation System 1.0 - SQL Injection via deleteuser.php ID Parameter

CVE-2025-10621 HIGH

SourceCodester Hotel Reservation System 1.0 - SQL Injection via editroomimage.php ID Parameter

CVE-2025-10620 MEDIUM

Online Clinic Management System 1.0 - SQL Injection via editp2.php Parameter Manipulation

CVE-2025-10618 MEDIUM

Online Clinic Management System 1.0 - SQL Injection via transact.php firstname Parameter

CVE-2025-10617 MEDIUM

SourceCodester Online Polling System 1.0 - SQL Injection via /admin/positions.php ID Parameter

CVE-2025-10613 MEDIUM

itsourcecode Student Information System 1.0 - SQL Injection via leveledit1.php level_id Parameter

CVE-2025-10604 HIGH

PHPGurukul Online Discussion Forum 1.0 - SQL Injection via /admin/edit_member.php ID Parameter

CVE-2025-10603 HIGH

PHPGurukul Online Discussion Forum 1.0 - SQL Injection via Search Parameter

CVE-2025-10602 MEDIUM

Online Exam Form Submission 1.0 - SQL Injection via /admin/delete_s1.php ID Parameter

CVE-2025-10601 HIGH

Online Exam Form Submission 1.0 - SQL Injection via Email Parameter in Admin Index

CVE-2025-10599 HIGH

itsourcecode Web-Based Internet Laboratory Management System 1.0 - SQL Injection via User::AuthenticateUser Function

CVE-2025-10598 HIGH

Pet Grooming Management Software 1.0 - SQL Injection via group_id Parameter

CVE-2025-10597 HIGH

kidaze CourseSelectionSystem < 2017-06-18 - SQL Injection via COUNT2.php cname Parameter

CVE-2025-10596 HIGH

SourceCodester Online Exam Form Submission 1.0 - SQL Injection via usn Parameter

CVE-2025-10595 MEDIUM

Online Student File Management System 1.0 - SQL Injection via user_id Parameter

CVE-2025-10594 MEDIUM

Online Student File Management System 1.0 - SQL Injection via stud_id Parameter

CVE-2025-10593 MEDIUM

Online Student File Management System 1.0 - SQL Injection via stud_id Parameter

CVE-2025-10592 MEDIUM

Online Public Access Catalog 1.0 - SQL Injection via mysearch.php POST Parameter

CVE-2025-10565 HIGH

Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter

CVE-2025-10564 HIGH

Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via ID Parameter in delete_category Action

CVE-2025-10563 HIGH

Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter

CVE-2025-10562 HIGH

Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter

CVE-2025-8276 MEDIUM

Patika Global Technologies HumanSuite <53.21.0 - XSS

CVE-2025-10483 MEDIUM

Online Student File Management System 1.0 - SQL Injection via Firstname Parameter

Previous Page 67 of 192 Next

Details

Vulnerabilities 4,798

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy