CWE-74

Exploit likelihood: High

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,798 vulnerabilities with CWE-74
CVE-2025-10482 HIGH
Online Student File Management System 1.0 - SQL Injection via Username Parameter
CVSS 7.3
CVE-2025-10481 MEDIUM
Online Student File Management System 1.0 - SQL Injection via /remove_file.php ID Parameter
CVSS 6.3
CVE-2025-10479 HIGH
Online Student File Management System 1.0 - SQL Injection via stud_no Parameter
CVSS 7.3
CVE-2025-10477 MEDIUM
kidaze CourseSelectionSystem - SQL Injection via Branch Argument in eligibility.php
CVSS 6.3
CVE-2025-10473 MEDIUM
RuoYi < 4.8.1 - SQL Injection via Blacklist Handler filterKeyword Function
CVSS 6.3
CVE-2025-58046 CRITICAL
Dataease <= 2.10.12 - Remote Code Execution via Impala JDBC Connection String JNDI Injection
CVSS 9.8
CVE-2025-10459 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via delid Parameter in all-appointment.php
CVSS 7.3
CVE-2025-10448 HIGH
Campcodes Online Job Finder System 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-10446 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via cust_searchfrm.php ID Parameter
CVSS 7.3
CVE-2025-10445 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via Username Parameter in us_transac.php
CVSS 7.3
CVE-2025-10444 HIGH
Campcodes Online Job Finder System 1.0 - SQL Injection via Username Parameter in advancesearch.php
CVSS 7.3
CVE-2025-10436 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via /pages/sup_searchfrm.php ID Parameter
CVSS 7.3
CVE-2025-10435 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via cust_edit1.php ID Parameter
CVSS 7.3
CVE-2025-10431 MEDIUM
Pet Grooming Management Software 1.0 - SQL Injection via ID Parameter in /admin/ajax_represent.php
CVSS 6.3
CVE-2025-10430 MEDIUM
SourceCodester Pet Grooming Management Software 1.0 - SQL Injection via /admin/barcode.php ID Parameter
CVSS 6.3
CVE-2025-10429 MEDIUM
Pet Grooming Management Software 1.0 - SQL Injection via drop_services Parameter
CVSS 6.3
CVE-2025-10426 HIGH
Online Laundry Management System 1.0 - SQL Injection via Username Parameter in login.php
CVSS 7.3
CVE-2025-10421 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /update_account.php ID Parameter
CVSS 6.3
CVE-2025-10420 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via ID Parameter in form137.php
CVSS 6.3
CVE-2025-10419 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /del_promote.php sy Parameter
CVSS 6.3
CVE-2025-10418 MEDIUM
SourceCodester Student Grading System 1.0 - SQL Injection via /view_students.php ID Parameter
CVSS 6.3
CVE-2025-10417 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10416 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10415 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3
CVE-2025-10414 HIGH
Campcodes Grocery Sales and Inventory System 1.0 - SQL Injection via /ajax.php ID Parameter
CVSS 7.3