CWE-74

High likelihood

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Parent: CWE-707 - Improper Neutralization

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

4,804 vulnerabilities with CWE-74
CVE-2025-9052 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /updatepackage.php s1 Parameter
CVSS 7.3
CVE-2025-9051 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /updatecategory.php t1 Parameter
CVSS 7.3
CVE-2025-9050 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via /addcategory.php t1 Parameter
CVSS 7.3
CVE-2025-9047 HIGH
projectworlds Visitor Management System 1.0 - SQL Injection via rid Parameter in visitor_out.php
CVSS 7.3
CVE-2025-9028 HIGH
Online Medicine Guide 1.0 - SQL Injection via phuname Parameter
CVSS 7.3
CVE-2025-9027 HIGH
Online Medicine Guide 1.0 - SQL Injection via deName Parameter in addelivery.php
CVSS 7.3
CVE-2025-9025 MEDIUM
Simple Cafe Ordering System 1.0 - SQL Injection via /portal.php ID Parameter
CVSS 6.3
CVE-2025-9024 HIGH
PHPGurukul Beauty Parlour Management System 1.1 - SQL Injection via Book Appointment Message Parameter
CVSS 7.3
CVE-2025-9022 HIGH
SourceCodester Online Bank Management System <= 1.0 - SQL Injection via Email Parameter in Statements
CVSS 7.3
CVE-2025-9021 HIGH
Online Bank Management System <= 1.0 - SQL Injection via Email Parameter in Transfer Endpoint
CVSS 7.3
CVE-2025-9013 HIGH
PHPGurukul Online Shopping Portal Project 2.0 - SQL Injection via Email Parameter in Password Recovery
CVSS 7.3
CVE-2025-9012 HIGH
PHPGurukul Online Shopping Portal Project 2.0 - SQL Injection via billingpincode Parameter
CVSS 7.3
CVE-2025-9011 HIGH
PHPGurukul Online Shopping Portal Project 2.0 - SQL Injection via signup.php emailid Parameter
CVSS 7.3
CVE-2025-9010 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Booking Report from_date Parameter
CVSS 7.3
CVE-2025-9009 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Name Parameter in Email Setup
CVSS 7.3
CVE-2025-9008 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via SMS Setting uname Parameter
CVSS 7.3
CVE-2025-9002 HIGH
Surbowl dormitory-management-php 1.0 - SQL Injection via login.php Account Parameter
CVSS 7.3
CVE-2025-8993 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Expense Report from_date Parameter
CVSS 7.3
CVE-2025-8990 HIGH
Online Medicine Guide 1.0 - SQL Injection via Search Parameter
CVSS 7.3
CVE-2025-8989 HIGH
COVID 19 Testing Management System 1.0 - SQL Injection via mobilenumber Parameter
CVSS 7.3
CVE-2025-8988 HIGH
SourceCodester COVID 19 Testing Management System 1.0 - SQL Injection via fromdate Parameter
CVSS 7.3
CVE-2025-8987 HIGH
SourceCodester COVID 19 Testing Management System 1.0 - SQL Injection via /test-details.php Remark Parameter
CVSS 7.3
CVE-2025-8986 HIGH
COVID 19 Testing Management System 1.0 - SQL Injection via Search Report Result Parameter
CVSS 7.3
CVE-2025-8985 HIGH
COVID 19 Testing Management System 1.0 - SQL Injection via Profile Mobile Number Parameter
CVSS 7.3
CVE-2025-8984 HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via expense_name Parameter
CVSS 7.3
Details
Vulnerabilities 4,804
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits