CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Yearly Trend
Top Affected Vendors
All Injection CVEs (2,184)
A critical SQL injection vulnerability in Campcodes Online Recruitment Management System 1.0 allows remote attackers to execute arbitrary SQL commands...
Jul 28, 2025A critical SQL injection vulnerability in Exam Form Submission 1.0 allows remote attackers to execute arbitrary SQL commands via the 'credits' paramet...
Jul 28, 2025This critical SQL injection vulnerability in Exam Form Submission 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter i...
Jul 28, 2025This critical SQL injection vulnerability in Exam Form Submission 1.0 allows attackers to execute arbitrary SQL commands via the ID parameter in /admi...
Jul 28, 2025This critical SQL injection vulnerability in Exam Form Submission 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter i...
Jul 28, 2025This critical SQL injection vulnerability in Exam Form Submission 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter i...
Jul 28, 2025This critical SQL injection vulnerability in code-projects Online Ordering System 1.0 allows remote attackers to execute arbitrary SQL commands via th...
Jul 28, 2025This critical SQL injection vulnerability in Exam Form Submission 1.0 allows attackers to manipulate database queries through the 'credits' parameter ...
Jul 28, 2025This critical SQL injection vulnerability in ABC Courier Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'From...
Jul 27, 2025This critical SQL injection vulnerability in Exam Form Submission 1.0 allows attackers to manipulate database queries through the phone parameter in /...
Jul 27, 2025A critical SQL injection vulnerability in Exam Form Submission 1.0 allows remote attackers to execute arbitrary SQL commands via the 'credits' paramet...
Jul 27, 2025CVE-2025-8236 is a critical SQL injection vulnerability in code-projects Online Ordering System 1.0 that allows remote attackers to execute arbitrary ...
Jul 27, 2025This critical SQL injection vulnerability in code-projects Online Ordering System 1.0 allows attackers to execute arbitrary SQL commands via the ID pa...
Jul 27, 2025A critical SQL injection vulnerability exists in the Online Ordering System 1.0 by code-projects, specifically in the /admin/delete_user.php file's ID...
Jul 27, 2025This SQL injection vulnerability in Engeman Web allows attackers to execute arbitrary SQL commands via the LanguageCombobox cookie parameter on the pa...
Jul 27, 2025This critical SQL injection vulnerability in PHPGurukul Local Services Search Engine Management System 2.1 allows remote attackers to execute arbitrar...
Jul 26, 2025This critical SQL injection vulnerability in ABC Courier Management System 1.0 allows attackers to execute arbitrary SQL commands through the reciver_...
Jul 25, 2025A critical SQL injection vulnerability exists in the Church Donation System 1.0, specifically in the admin login page. Attackers can manipulate the Us...
Jul 25, 2025CVE-2025-7950 is a critical SQL injection vulnerability in code-projects Public Chat Room 1.0 that allows attackers to execute arbitrary SQL commands ...
Jul 22, 2025A critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via the I...
Jul 21, 2025A critical SQL injection vulnerability exists in Church Donation System 1.0 where the fname parameter in /members/edit_Members.php is not properly san...
Jul 21, 2025This critical SQL injection vulnerability in Church Donation System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'firstname' ...
Jul 21, 2025This critical SQL injection vulnerability in Chanjet CRM 1.0 allows attackers to execute arbitrary SQL commands through the /mail/mailinactive.php log...
Jul 21, 2025This critical SQL injection vulnerability in pmTicket Project-Management-Software allows remote attackers to execute arbitrary SQL commands by manipul...
Jul 20, 2025A critical SQL injection vulnerability exists in the Church Donation System 1.0's admin login page. Attackers can manipulate the Username parameter to...
Jul 20, 2025This critical SQL injection vulnerability in Church Donation System 1.0 allows attackers to manipulate database queries through the Amount parameter i...
Jul 19, 2025A critical SQL injection vulnerability in Church Donation System 1.0 allows remote attackers to execute arbitrary SQL commands via the trcode paramete...
Jul 19, 2025This critical SQL injection vulnerability in Church Donation System 1.0 allows attackers to execute arbitrary SQL commands via the Username parameter ...
Jul 19, 2025A critical SQL injection vulnerability in code-projects Food Ordering Review System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Jul 18, 2025This critical SQL injection vulnerability in BossSoft CRM 6.0 allows remote attackers to execute arbitrary SQL commands via the 'cstid' parameter in t...
Jul 18, 2025A critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 allows remote attackers to execute arbitrary SQL command...
Jul 17, 2025A critical SQL injection vulnerability exists in PHPGurukul Land Record System 1.0 through the /edit-property.php file's editid parameter. This allows...
Jul 17, 2025This critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 allows attackers to execute arbitrary SQL commands vi...
Jul 17, 2025This critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 allows remote attackers to execute arbitrary SQL comm...
Jul 17, 2025CVE-2025-7612 is a critical SQL injection vulnerability in Mobile Shop 1.0's login.php file that allows remote attackers to manipulate database querie...
Jul 14, 2025A critical SQL injection vulnerability in Simple Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the order_price param...
Jul 14, 2025CVE-2025-7609 is a critical SQL injection vulnerability in Simple Shopping Cart 1.0 that allows remote attackers to execute arbitrary SQL commands via...
Jul 14, 2025CVE-2025-7606 is a critical SQL injection vulnerability in code-projects AVL Rooms 1.0 that allows remote attackers to execute arbitrary SQL commands ...
Jul 14, 2025CVE-2025-7604 is a critical SQL injection vulnerability in PHPGurukul Hospital Management System 4.0 that allows remote attackers to execute arbitrary...
Jul 14, 2025CVE-2025-7541 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 that allows remote attackers to execute...
Jul 13, 2025This critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 allows remote attackers to execute arbitrary SQL comm...
Jul 13, 2025A critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via the I...
Jul 13, 2025This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via th...
Jul 13, 2025CVE-2025-7533 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 that allows remote attackers to execute arbitrary SQL commands ...
Jul 13, 2025This critical SQL injection vulnerability in PHPGurukul Vehicle Parking Management System 1.13 allows attackers to manipulate database queries through...
Jul 13, 2025A critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 allows remote attackers to execute arbitrary SQL command...
Jul 13, 2025CVE-2025-7514 is a critical SQL injection vulnerability in Modern Bag 1.0 that allows remote attackers to execute arbitrary SQL commands via the idSta...
Jul 13, 2025CVE-2025-7512 is a critical SQL injection vulnerability in Modern Bag 1.0 that allows remote attackers to execute arbitrary SQL commands via the conta...
Jul 13, 2025This critical SQL injection vulnerability in Modern Bag 1.0 allows remote attackers to execute arbitrary SQL commands via the 'namepro' parameter in /...
Jul 13, 2025CVE-2025-7508 is a critical SQL injection vulnerability in Modern Bag 1.0's admin/product-update.php file that allows remote attackers to manipulate d...
Jul 13, 2025About Injection (CWE-74)
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Our database tracks 2,184 CVEs classified as CWE-74, with 109 rated critical and 1,283 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →
Monitor Injection Vulnerabilities
Get alerted when new Injection CVEs affect your infrastructure.
Start Monitoring Free