CWE-74
High likelihood
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
4,804 vulnerabilities with CWE-74
CVE-2025-8983
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via expense_for Parameter
CVSS 7.3
CVE-2025-8982
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via curr_code Parameter
CVSS 7.3
CVE-2025-8981
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via payment_type Parameter
CVSS 7.3
CVE-2025-8973
HIGH
SourceCodester Cashier Queuing System 1.0 - SQL Injection via Username Parameter in Actions.php
CVSS 7.3
CVE-2025-8972
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Email Parameter in Admin Login Page
CVSS 7.3
CVE-2025-8971
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via val-username Parameter
CVSS 7.3
CVE-2025-8970
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via Booking ID Parameter
CVSS 7.3
CVE-2025-8969
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via /admin/approve_user.php ID Parameter
CVSS 7.3
CVE-2025-8968
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via /admin/disapprove_user.php ID Parameter
CVSS 7.3
CVE-2025-20265
CRITICAL
Cisco Secure Firewall Management Center - Command Injection
CVSS 10.0
CVE-2025-8967
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via pname Parameter
CVSS 7.3
CVE-2025-8966
HIGH
Online Tour and Travel Management System 1.0 - SQL Injection via tax.php tname Parameter
CVSS 7.3
CVE-2025-8960
HIGH
Campcodes Online Flight Booking Management System 1.0 - SQL Injection via /admin/save_airlines.php ID Parameter
CVSS 7.3
CVE-2025-8957
HIGH
Campcodes Online Flight Booking Management System 1.0 - SQL Injection via flights.php departure_airport_id Parameter
CVSS 7.3
CVE-2025-8956
MEDIUM
D-Link DIR-818L <= 1.05B01 - Remote Command Injection via ssdpcgi getenv
CVSS 6.3
CVE-2025-8955
HIGH
PHPGurukul Hospital Management System 4.0 - SQL Injection via docfees Parameter
CVSS 7.3
CVE-2025-8954
HIGH
PHPGurukul Hospital Management System 4.0 - SQL Injection via doctorspecilization Parameter
CVSS 7.3
CVE-2025-8953
HIGH
COVID 19 Testing Management System 1.0 - SQL Injection via Employee ID Parameter
CVSS 7.3
CVE-2025-8952
HIGH
Campcodes Online Flight Booking Management System 1.0 - SQL Injection via Login Username Parameter
CVSS 7.3
CVE-2025-8951
HIGH
PHPGurukul Teachers Record Management System 2.1 - SQL Injection via searchdata Parameter
CVSS 7.3
CVE-2025-8950
HIGH
Campcodes Online Recruitment Management System 1.0 - SQL Injection via ID Parameter
CVSS 7.3
CVE-2025-8948
HIGH
projectworlds Visitor Management System 1.0 - SQL Injection via rid Parameter in front.php
CVSS 7.3
CVE-2025-8947
HIGH
projectworlds Visitor Management System 1.0 - SQL Injection via dateF/dateP Parameter
CVSS 7.3
CVE-2025-8946
HIGH
projectworlds Online Notes Sharing Platform 1.0 - SQL Injection via User Parameter in login.php
CVSS 7.3
CVE-2025-8937
MEDIUM
TOTOLINK N350R 1.2.3-B20130826 - OS Command Injection via formSysCmd
CVSS 6.3
Details
Vulnerabilities: 4,804
Exploit Likelihood: High