CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ClassIncompleteLikelihood: High

Description

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

CWE-707

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-105 · CAPEC-108 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-14 · CAPEC-24 · CAPEC-250 · CAPEC-267 · CAPEC-273 · CAPEC-28 · CAPEC-3 · CAPEC-34 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-51 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-83 · CAPEC-84 · CAPEC-9

CVEs mapped to this weakness (2,531)

page 44 of 127

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2025-10082	Razormist Online Polling System	Hig	0.47	7.3	Sep 8, 2025	A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-10079	Phpgurukul Small CRM	Hig	0.47	7.3	Sep 8, 2025	A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2025-10078	Razormist Online Polling System	Hig	0.47	7.3	Sep 8, 2025	A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-10077	Razormist Online Polling System	Hig	0.47	7.3	Sep 8, 2025	A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-10076	Razormist Online Polling System	Hig	0.47	7.3	Sep 8, 2025	A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10068	Emiloi Online Discussion Forum	Hig	0.47	7.3	Sep 7, 2025	A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2025-10062	Itsourcecode Student Information Management System	Hig	0.47	7.3	Sep 6, 2025	A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-10033	Emiloimagtolis Online Discussion Forum	Hig	0.47	7.3	Sep 6, 2025	A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2025-10031	Campcodes Grocery Sales And Inventory System	Hig	0.47	7.3	Sep 6, 2025	A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2025-10030	Campcodes Grocery Sales And Inventory System	Hig	0.47	7.3	Sep 6, 2025	A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10025	Phpgurukul Online Course Registration	Hig	0.47	7.3	Sep 5, 2025	A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-9933	Phpgurukul Beauty Parlour Management System	Hig	0.47	7.3	Sep 4, 2025	A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-9932	Phpgurukul Beauty Parlour Management System	Hig	0.47	7.3	Sep 4, 2025	A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the argument lid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2025-9930	Phpgurukul Beauty Parlour Management System	Hig	0.47	7.3	Sep 4, 2025	A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-9928	Projectworlds Travel Management System	Hig	0.47	7.3	Sep 3, 2025	A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-9927	Projectworlds Travel Management System	Hig	0.47	7.3	Sep 3, 2025	A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-9926	Projectworlds Travel Management System	Hig	0.47	7.3	Sep 3, 2025	A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-9925	Projectworlds Travel Management System	Hig	0.47	7.3	Sep 3, 2025	A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2025-9924	Projectworlds Travel Management System	Hig	0.47	7.3	Sep 3, 2025	A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument t2 leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2025-9919	Phpgurukul Beauty Parlour Management System	Hig	0.47	7.3	Sep 3, 2025	A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2025-10082HigSep 8, 2025
Razormist
Online Polling System
risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-10079HigSep 8, 2025
Phpgurukul
Small CRM
risk 0.47cvss 7.3epss 0.00
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2025-10078HigSep 8, 2025
Razormist
Online Polling System
risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-10077HigSep 8, 2025
Razormist
Online Polling System
risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-10076HigSep 8, 2025
Razormist
Online Polling System
risk 0.47cvss 7.3epss 0.00
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10068HigSep 7, 2025
Emiloi
Online Discussion Forum
risk 0.47cvss 7.3epss 0.00
A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2025-10062HigSep 6, 2025
Itsourcecode
Student Information Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-10033HigSep 6, 2025
Emiloimagtolis
Online Discussion Forum
risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2025-10031HigSep 6, 2025
Campcodes
Grocery Sales And Inventory System
risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2025-10030HigSep 6, 2025
Campcodes
Grocery Sales And Inventory System
risk 0.47cvss 7.3epss 0.00
A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10025HigSep 5, 2025
Phpgurukul
Online Course Registration
risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-9933HigSep 4, 2025
Phpgurukul
Beauty Parlour Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-9932HigSep 4, 2025
Phpgurukul
Beauty Parlour Management System
risk 0.47cvss 7.3epss 0.00
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the argument lid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2025-9930HigSep 4, 2025
Phpgurukul
Beauty Parlour Management System
risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. This impacts an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-9928HigSep 3, 2025
Projectworlds
Travel Management System
risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-9927HigSep 3, 2025
Projectworlds
Travel Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-9926HigSep 3, 2025
Projectworlds
Travel Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-9925HigSep 3, 2025
Projectworlds
Travel Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2025-9924HigSep 3, 2025
Projectworlds
Travel Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument t2 leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2025-9919HigSep 3, 2025
Phpgurukul
Beauty Parlour Management System
risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.