CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Yearly Trend
Top Affected Vendors
All Injection CVEs (2,175)
Campcodes Online Loan Management System 1.0 contains a SQL injection vulnerability in the delete_borrower function via the /ajax.php endpoint. Attacke...
Aug 29, 2025CVE-2025-9669 is a SQL injection vulnerability in Jinher OA 1.0's GetTreeDate.aspx file that allows attackers to manipulate database queries via the I...
Aug 29, 2025CVE-2025-9662 is an SQL injection vulnerability in Simple Grading System 1.0's admin panel login.php file. Attackers can execute arbitrary SQL command...
Aug 29, 2025This vulnerability allows remote attackers to execute arbitrary SQL commands via the 'mid' parameter in the /t_dashboard/r_all_info.php file in itsour...
Aug 29, 2025This vulnerability allows remote attackers to execute SQL injection attacks against the itsourcecode Apartment Management System 1.0. Attackers can ma...
Aug 29, 2025This SQL injection vulnerability in code-projects Online Event Judging System 1.0 allows attackers to manipulate database queries through the fname pa...
Aug 29, 2025This vulnerability allows remote attackers to execute arbitrary SQL commands via the ddlEmpName parameter in the Apartment Management System 1.0. Atta...
Aug 29, 2025CVE-2025-9599 is a SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows remote attackers to execute arbitrary SQL c...
Aug 29, 2025CVE-2025-9598 is a SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows remote attackers to execute arbitrary SQL c...
Aug 29, 2025CVE-2025-9596 is an SQL injection vulnerability in itsourcecode Sports Management System 1.0 that allows remote attackers to execute arbitrary SQL com...
Aug 29, 2025CVE-2025-9593 is a SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows remote attackers to execute arbitrary SQL c...
Aug 28, 2025CVE-2025-9592 is an SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows attackers to manipulate database queries v...
Aug 28, 2025CVE-2025-9508 is an SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows remote attackers to execute arbitrary SQL ...
Aug 27, 2025CVE-2025-9510 is an SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows remote attackers to execute arbitrary SQL ...
Aug 27, 2025This SQL injection vulnerability in Campcodes Online Loan Management System 1.0 allows attackers to execute arbitrary SQL commands via the ID paramete...
Aug 27, 2025Campcodes Online Loan Management System 1.0 contains a SQL injection vulnerability in the /ajax.php?action=save_plan endpoint via the ID parameter. Th...
Aug 27, 2025Campcodes Online Loan Management System 1.0 contains a SQL injection vulnerability in the /ajax.php?action=save_payment endpoint via the loan_id param...
Aug 27, 2025This SQL injection vulnerability in Campcodes Online Water Billing System 1.0 allows attackers to manipulate database queries through the 'lname' para...
Aug 26, 2025This SQL injection vulnerability in itsourcecode Apartment Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID ...
Aug 26, 2025This SQL injection vulnerability in itsourcecode Apartment Management System 1.0 allows attackers to manipulate database queries through the /maintena...
Aug 26, 2025CVE-2025-9469 is a SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows remote attackers to execute arbitrary SQL c...
Aug 26, 2025CVE-2025-9425 is a SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 that allows remote attackers to execute ar...
Aug 25, 2025CVE-2025-9423 is an SQL injection vulnerability in Campcodes Online Water Billing System 1.0 that allows attackers to manipulate database queries thro...
Aug 25, 2025CVE-2025-9421 is a SQL injection vulnerability in itsourcecode Apartment Management System 1.0 that allows attackers to execute arbitrary SQL commands...
Aug 25, 2025This SQL injection vulnerability in itsourcecode Apartment Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID ...
Aug 25, 2025CVE-2025-9311 is an SQL injection vulnerability in itsourcecode Apartment Management System 1.0 affecting the /fair/addfair.php file. Attackers can ma...
Aug 21, 2025This vulnerability allows remote attackers to execute SQL injection attacks against PHPGurukul Online Course Registration 3.1 through the /admin/sessi...
Aug 21, 2025This SQL injection vulnerability in SourceCodester Online Bank Management System 1.0 allows attackers to manipulate database queries through the /bank...
Aug 21, 2025This vulnerability allows remote attackers to execute SQL injection attacks through the emailid parameter in the /signup.php file of PHPGurukul User M...
Aug 21, 2025This CVE describes an SQL injection vulnerability in Swatadru Exam-Seating-Arrangement software through commit 97335ccebf95468d92525f4255a2241d2b0b002...
Aug 20, 2025This CVE describes an SQL injection vulnerability in the Online Tour and Travel Management System 1.0. Attackers can exploit the email parameter in th...
Aug 19, 2025CVE-2025-9154 is an SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 that allows remote attackers to execute a...
Aug 19, 2025This CVE describes a SQL injection vulnerability in Surbowl dormitory-management-php software affecting the /admin/violation_add.php endpoint. Attacke...
Aug 19, 2025CVE-2025-9052 is an SQL injection vulnerability in projectworlds Travel Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
Aug 15, 2025CVE-2025-9050 is an SQL injection vulnerability in projectworlds Travel Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
Aug 15, 2025CVE-2025-9047 is a SQL injection vulnerability in Projectworlds Visitor Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
Aug 15, 2025CVE-2025-9028 is a SQL injection vulnerability in code-projects Online Medicine Guide 1.0 affecting the /adphar.php file. Attackers can manipulate the...
Aug 15, 2025This vulnerability allows remote attackers to execute SQL injection attacks via the email parameter in the /bank/transfer.php file of SourceCodester O...
Aug 15, 2025This CVE describes a SQL injection vulnerability in PHPGurukul Online Shopping Portal Project 2.0, specifically in the password-recovery.php file. Att...
Aug 15, 2025This vulnerability allows remote attackers to execute SQL injection attacks against the Online Tour and Travel Management System 1.0. By manipulating ...
Aug 15, 2025This SQL injection vulnerability in PHPGurukul Online Shopping Portal Project 2.0 allows attackers to manipulate database queries through the emailid ...
Aug 15, 2025This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows attackers to execute arbitrary SQL commands via t...
Aug 15, 2025This SQL injection vulnerability in Surbowl dormitory-management-php 1.0 allows attackers to manipulate database queries through the Account parameter...
Aug 15, 2025This SQL injection vulnerability in Online Tour and Travel Management System 1.0 allows attackers to manipulate database queries through the 'from_dat...
Aug 15, 2025This SQL injection vulnerability in SourceCodester COVID 19 Testing Management System 1.0 allows attackers to manipulate database queries via the mobi...
Aug 15, 2025This vulnerability allows remote attackers to execute SQL injection attacks against the SourceCodester COVID 19 Testing Management System 1.0 by manip...
Aug 14, 2025This vulnerability allows remote attackers to execute SQL injection attacks via the 'mobilenumber' parameter in the /profile.php file of SourceCodeste...
Aug 14, 2025This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows remote attackers to execute arbitrary SQL command...
Aug 14, 2025This SQL injection vulnerability in Online Tour and Travel Management System 1.0 allows attackers to manipulate database queries through the payment_t...
Aug 14, 2025This SQL injection vulnerability in itsourcecode Online Tour and Travel Management System 1.0 allows attackers to manipulate database queries through ...
Aug 14, 2025About Injection (CWE-74)
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Our database tracks 2,175 CVEs classified as CWE-74, with 107 rated critical and 1,278 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →
Monitor Injection Vulnerabilities
Get alerted when new Injection CVEs affect your infrastructure.
Start Monitoring Free