CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Yearly Trend
Top Affected Vendors
All Injection CVEs (2,216)
This critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Jun 22, 2025This critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 allows attackers to manipulate database queries via the transa...
Jun 22, 2025CVE-2025-6448 is a critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 that allows remote attackers to execute arbitrar...
Jun 22, 2025This critical SQL injection vulnerability in Client Details System 1.0 allows remote attackers to execute arbitrary SQL commands via the Username para...
Jun 21, 2025This critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Jun 21, 2025This critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 allows attackers to manipulate database queries through the Na...
Jun 21, 2025This critical SQL injection vulnerability in PHPGurukul Art Gallery Management System allows remote attackers to execute arbitrary SQL commands via th...
Jun 21, 2025This critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands...
Jun 21, 2025A critical SQL injection vulnerability in Campcodes Online Teacher Record Management System 1.0 allows attackers to manipulate database queries throug...
Jun 21, 2025A critical SQL injection vulnerability in Campcodes Online Teacher Record Management System 1.0 allows remote attackers to execute arbitrary SQL comma...
Jun 21, 2025This critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Jun 21, 2025CVE-2025-6363 is a critical SQL injection vulnerability in code-projects Simple Pizza Ordering System 1.0. Attackers can remotely exploit the /adding-...
Jun 20, 2025This critical SQL injection vulnerability in Simple Pizza Ordering System 1.0 allows remote attackers to execute arbitrary SQL commands via the userid...
Jun 20, 2025CVE-2025-6359 is a critical SQL injection vulnerability in Simple Pizza Ordering System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jun 20, 2025CVE-2025-6357 is a critical SQL injection vulnerability in Simple Pizza Ordering System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jun 20, 2025A critical SQL injection vulnerability exists in code-projects Online Shoe Store 1.0, specifically in the customer_signup.php file's email parameter. ...
Jun 20, 2025A critical SQL injection vulnerability exists in code-projects Online Shoe Store 1.0, specifically in the /admin/admin_product.php file's pid paramete...
Jun 20, 2025A critical SQL injection vulnerability in PHPGurukul Directory Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
Jun 20, 2025CVE-2025-6322 is a critical SQL injection vulnerability in PHPGurukul Pre-School Enrollment System 1.0 that allows remote attackers to execute arbitra...
Jun 20, 2025A critical SQL injection vulnerability in code-projects Online Shoe Store 1.0 allows remote attackers to execute arbitrary SQL commands via the ID par...
Jun 20, 2025This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows attackers to execute arbitrary SQL commands via the Categ...
Jun 20, 2025CVE-2025-6315 is a critical SQL injection vulnerability in code-projects Online Shoe Store 1.0 that allows remote attackers to execute arbitrary SQL c...
Jun 20, 2025This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via th...
Jun 20, 2025This critical SQL injection vulnerability in PHPGurukul Emergency Ambulance Hiring Portal 1.0 allows attackers to manipulate database queries through ...
Jun 20, 2025This critical SQL injection vulnerability in Online Shoe Store 1.0 allows remote attackers to execute arbitrary SQL commands via the Username paramete...
Jun 20, 2025CVE-2025-6304 is a critical SQL injection vulnerability in code-projects Online Shoe Store 1.0 that allows remote attackers to execute arbitrary SQL c...
Jun 20, 2025A critical SQL injection vulnerability exists in PHPGurukul Employee Record Management System 1.3, specifically in the /admin/editempeducation.php fil...
Jun 20, 2025CVE-2025-6295 is a critical SQL injection vulnerability in code-projects Hostel Management System 1.0 that allows remote attackers to execute arbitrar...
Jun 20, 2025This critical SQL injection vulnerability in Hostel Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the student_ro...
Jun 20, 2025This critical SQL injection vulnerability in SourceCodester Client Database Management System 1.0 allows attackers to execute arbitrary SQL commands v...
Jun 17, 2025This critical SQL injection vulnerability in PHPGurukul Hostel Management System 1.0 allows attackers to manipulate database queries through the Usern...
Jun 17, 2025A critical SQL injection vulnerability exists in PHPGurukul Nipah Virus Testing Management System 1.0. Attackers can remotely exploit the /registered-...
Jun 17, 2025This critical SQL injection vulnerability in PHPGurukul Hostel Management System 1.0 allows attackers to execute arbitrary SQL commands through the se...
Jun 17, 2025This critical SQL injection vulnerability in Restaurant Order System 1.0 allows remote attackers to execute arbitrary SQL commands via the tabidNoti p...
Jun 16, 2025This critical SQL injection vulnerability in Das Parking Management System 6.2.0 allows remote attackers to execute arbitrary SQL commands via the veh...
Jun 16, 2025This critical SQL injection vulnerability in Das Parking Management System 6.2.0 allows remote attackers to execute arbitrary SQL commands via the Val...
Jun 16, 2025CVE-2025-6095 is a critical SQL injection vulnerability in Jasmin Ransomware 1.0.1 that allows remote attackers to execute arbitrary SQL commands via ...
Jun 15, 2025A critical SQL injection vulnerability in Restaurant Order System 1.0 allows remote attackers to execute arbitrary SQL commands via the tabidNoti para...
Jun 10, 2025This critical SQL injection vulnerability in code-projects School Fees Payment System 1.0 allows remote attackers to execute arbitrary SQL commands vi...
Jun 10, 2025This critical SQL injection vulnerability in PHPGurukul Maid Hiring Management System 1.0 allows attackers to execute arbitrary SQL commands via the s...
Jun 9, 2025A critical SQL injection vulnerability exists in the ABC Courier Management System 1.0 through the /admin endpoint's Username parameter. Attackers can...
Jun 6, 2025This critical SQL injection vulnerability in SourceCodester Open Source Clinic Management System 1.0 allows remote attackers to execute arbitrary SQL ...
Jun 6, 2025This critical SQL injection vulnerability in SourceCodester Open Source Clinic Management System 1.0 allows attackers to manipulate database queries v...
Jun 6, 2025This critical SQL injection vulnerability in SourceCodester Open Source Clinic Management System 1.0 allows attackers to manipulate database queries v...
Jun 6, 2025This critical SQL injection vulnerability in Real Estate Property Management System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Jun 6, 2025This critical SQL injection vulnerability in Real Estate Property Management System 1.0 allows attackers to execute arbitrary SQL commands via the txt...
Jun 6, 2025This critical SQL injection vulnerability in PHPGurukul Human Metapneumovirus Testing Management System 1.0 allows attackers to execute arbitrary SQL ...
Jun 6, 2025A critical SQL injection vulnerability in code-projects Real Estate Property Management System 1.0 allows remote attackers to execute arbitrary SQL co...
Jun 6, 2025This critical SQL injection vulnerability in Real Estate Property Management System 1.0 allows attackers to execute arbitrary SQL commands via the txt...
Jun 5, 2025This critical SQL injection vulnerability in Campcodes Online Recruitment Management System 1.0 allows attackers to execute arbitrary SQL commands via...
Jun 5, 2025About Injection (CWE-74)
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Our database tracks 2,216 CVEs classified as CWE-74, with 118 rated critical and 1,296 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →
Monitor Injection Vulnerabilities
Get alerted when new Injection CVEs affect your infrastructure.
Start Monitoring Free