CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,798 vulnerabilities with CWE-74
CVE-2025-9833 HIGH
Online Farm Management System 1.0 - SQL Injection via Login uname Parameter
CVSS 7.3
CVE-2025-9832 HIGH
SourceCodester Food Ordering Management System 1.0 - SQL Injection via Register Router Phone Parameter
CVSS 7.3
CVE-2025-9831 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via sername Parameter in edit-services.php
CVSS 7.3
CVE-2025-9830 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via sids[] Parameter
CVSS 7.3
CVE-2025-9829 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Mobilenumber Parameter
CVSS 7.3
CVE-2025-9814 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via mobnumber Parameter
CVSS 7.3
CVE-2025-9811 HIGH
Campcodes Farm Management System 1.0 - SQL Injection via Rating Parameter
CVSS 7.3
CVE-2025-9802 MEDIUM
RemoteClinic 2.0 - SQL Injection via ID Parameter in /staff/profile.php
CVSS 4.7
CVE-2025-9797 LOW
mrvautin expressCart <b31302f4e99c3293bd742c6d076a721e168118b0 - Co...
CVSS 2.4
CVE-2025-9794 HIGH
Campcodes Computer Sales and Inventory System 1.0 - SQL Injection via cash/firstname Parameter
CVSS 7.3
CVE-2025-9793 HIGH
Apartment Management System 1.0 - SQL Injection via ddlBranch Parameter
CVSS 7.3
CVE-2025-9792 HIGH
itsourcecode Apartment Management System 1.0 - SQL Injection via mid Parameter in e_all_info.php
CVSS 7.3
CVE-2025-9790 HIGH
SourceCodester Hotel Reservation System 1.0 - SQL Injection via updateabout.php Address Parameter
CVSS 7.3
CVE-2025-9789 HIGH
Online Hotel Reservation System 1.0 - SQL Injection via edituser.php userid Parameter
CVSS 7.3
CVE-2025-9788 HIGH
Campcodes School Log Management System 1.0 - SQL Injection via admin_class.php id_no Parameter
CVSS 7.3
CVE-2025-9786 HIGH
Campcodes Online Learning Management System 1.0 - SQL Injection via Teacher Signup Firstname Parameter
CVSS 7.3
CVE-2025-9771 HIGH
Eye Clinic Management System 1.0 - SQL Injection via Search Parameter in search_index_Diagnosis.php
CVSS 7.3
CVE-2025-9770 HIGH
Campcodes Hospital Management System 1.0 - SQL Injection via Admin Dashboard Login Password Parameter
CVSS 7.3
CVE-2025-9769 MEDIUM
D-Link DI-7400G+ 19.12.25A1 - OS Command Injection via mng_platform.asp addr Parameter
CVSS 4.1
CVE-2025-9768 MEDIUM
Sports Management System 1.0 - SQL Injection via Admin/mode.php Code Parameter
CVSS 6.3
CVE-2025-9767 HIGH
Sports Management System 1.0 - SQL Injection via Admin/sporttype.php Code Parameter
CVSS 7.3
CVE-2025-9766 HIGH
Sports Management System 1.0 - SQL Injection via Facilitator Code Parameter
CVSS 7.3
CVE-2025-9765 HIGH
Sports Management System 1.0 - SQL Injection via /Admin/tournament_details.php ID Parameter
CVSS 7.3
CVE-2025-9764 HIGH
Sports Management System 1.0 - SQL Injection via ID Parameter in resultdetails.php
CVSS 7.3
CVE-2025-9763 HIGH
Campcodes Online Learning Management System 1.0 - SQL Injection via Username Parameter in Student Signup
CVSS 7.3