CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Yearly Trend
Top Affected Vendors
All Injection CVEs (2,221)
This critical SQL injection vulnerability in Real Estate Property Management System 1.0 allows attackers to execute arbitrary SQL commands via the txt...
Jun 6, 2025This critical SQL injection vulnerability in PHPGurukul Human Metapneumovirus Testing Management System 1.0 allows attackers to execute arbitrary SQL ...
Jun 6, 2025A critical SQL injection vulnerability in code-projects Real Estate Property Management System 1.0 allows remote attackers to execute arbitrary SQL co...
Jun 6, 2025This critical SQL injection vulnerability in Real Estate Property Management System 1.0 allows attackers to execute arbitrary SQL commands via the txt...
Jun 5, 2025This critical SQL injection vulnerability in Campcodes Online Recruitment Management System 1.0 allows attackers to execute arbitrary SQL commands via...
Jun 5, 2025This critical SQL injection vulnerability in Campcodes Online Teacher Record Management System 1.0 allows attackers to execute arbitrary SQL commands ...
Jun 5, 2025This critical SQL injection vulnerability in PHPGurukul Auto Taxi Stand Management System 1.0 allows attackers to execute arbitrary SQL commands via t...
Jun 5, 2025A critical SQL injection vulnerability in 1000projects Online Notice Board 1.0 allows remote attackers to execute arbitrary SQL commands via the fname...
Jun 5, 2025This critical SQL injection vulnerability in PHPGurukul Notice Board System 1.0 allows attackers to execute arbitrary SQL commands via the email param...
Jun 5, 2025A critical SQL injection vulnerability in Campcodes Online Teacher Record Management System 1.0 allows remote attackers to execute arbitrary SQL comma...
Jun 5, 2025This critical SQL injection vulnerability in Campcodes Hospital Management System 1.0 allows attackers to execute arbitrary SQL commands through the r...
Jun 4, 2025A critical SQL injection vulnerability in PHPGurukul Student Result Management System 1.3 allows remote attackers to execute arbitrary SQL commands vi...
Jun 4, 2025CVE-2025-5580 is a critical SQL injection vulnerability in CodeAstro Real Estate Management System 1.0 that allows remote attackers to execute arbitra...
Jun 4, 2025This critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System allows attackers to execute arbitrary SQL commands by manipu...
Jun 4, 2025This critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System 1.3 allows remote attackers to execute arbitrary SQL command...
Jun 4, 2025This critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System 1.3 allows remote attackers to execute arbitrary SQL command...
Jun 4, 2025CVE-2025-5561 is a critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System 1.0 that allows remote attackers to execute arbi...
Jun 4, 2025This critical vulnerability in PHPGurukul Curfew e-Pass Management System 1.0 allows remote attackers to execute SQL injection attacks via the 'search...
Jun 4, 2025This critical SQL injection vulnerability in PHPGurukul Rail Pass Management System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Jun 4, 2025CVE-2025-5435 is a critical SQL injection vulnerability in Marwal Infotech CMS 1.0 that allows remote attackers to execute arbitrary SQL commands via ...
Jun 2, 2025CVE-2025-5434 is a critical SQL injection vulnerability in Aem Solutions CMS that allows remote attackers to execute arbitrary SQL commands via the ID...
Jun 2, 2025This critical SQL injection vulnerability in Blogbook's post.php allows attackers to manipulate the p_id parameter to execute arbitrary SQL commands. ...
Jun 1, 2025This CVE describes a critical SQL injection vulnerability in chaitak-gorai Blogbook's user.php file. Attackers can manipulate the u_id GET parameter t...
Jun 1, 2025This critical SQL injection vulnerability in SourceCodester Health Center Patient Record Management System 1.0 allows attackers to manipulate database...
May 31, 2025This critical vulnerability in SourceCodester PHP Display Username After Login 1.0 allows remote attackers to execute SQL injection attacks via the Us...
May 31, 2025CVE-2025-5365 is a critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 that allows remote attackers to execute arb...
May 31, 2025This critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands...
May 30, 2025This critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands...
May 30, 2025A critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands vi...
May 30, 2025This critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands...
May 28, 2025This critical SQL injection vulnerability in PHPGurukul News Portal Project 4.1 allows remote attackers to manipulate database queries via the emailid...
May 27, 2025This critical SQL injection vulnerability in PHPGurukul News Portal Project allows attackers to manipulate database queries through the Category param...
May 27, 2025This critical SQL injection vulnerability in PHPGurukul Company Visitor Management System 1.0 allows attackers to manipulate database queries through ...
May 27, 2025A critical SQL injection vulnerability in Campcodes Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL commands vi...
May 27, 2025A critical SQL injection vulnerability exists in PHPGurukul Company Visitor Management System 1.0's forgot-password.php file. Attackers can remotely e...
May 27, 2025Campcodes Online Hospital Management System 1.0 contains a critical SQL injection vulnerability in the /admin/view-patient.php file. Attackers can rem...
May 27, 2025This critical SQL injection vulnerability in PHPGurukul Small CRM 3.0 allows remote attackers to execute arbitrary SQL commands via the 'aremark' para...
May 27, 2025A critical SQL injection vulnerability in Campcodes Advanced Online Voting System 1.0 allows remote attackers to manipulate database queries through t...
May 27, 2025A critical SQL injection vulnerability exists in projectworlds Responsive E-Learning System 1.0, specifically in the /admin/delete_file.php file. Atta...
May 27, 2025A critical SQL injection vulnerability exists in PHPGurukul Employee Record Management System 1.3, specifically in the /myprofile.php file via the Emp...
May 26, 2025This critical SQL injection vulnerability in SourceCodester Online Hospital Management System 1.0 allows remote attackers to execute arbitrary SQL com...
May 26, 2025A critical SQL injection vulnerability exists in Daily College Class Work Report Book 1.0 through the Date parameter in /dcwr_entry.php. This allows r...
May 26, 2025This critical SQL injection vulnerability in Realce Tecnologia Queue Ticket Kiosk allows remote attackers to execute arbitrary SQL commands through th...
May 26, 2025A critical SQL injection vulnerability exists in Econtrata software versions up to 20250516. Attackers can remotely exploit the 'usuario' parameter in...
May 26, 2025This critical SQL injection vulnerability in ScriptAndTools Real-Estate-website-in-PHP allows attackers to manipulate password parameters in the admin...
May 24, 2025This critical SQL injection vulnerability in Emlog Pro allows remote attackers to manipulate database queries through the 'tag' parameter in api_contr...
May 23, 2025This critical SQL injection vulnerability in Campcodes Cybercafe Management System 1.0 allows attackers to manipulate database queries through the mob...
May 22, 2025This CVE describes a SQL injection vulnerability in PHPGurukul/Campcodes Online Shopping Portal 1.0. Attackers can exploit the 'remark' parameter in /...
May 22, 2025This SQL injection vulnerability in PHPGurukul/Campcodes Online Shopping Portal 1.0 allows attackers to manipulate database queries through the Catego...
May 22, 2025Campcodes Online Shopping Portal 1.0 contains a critical SQL injection vulnerability in the /admin/edit-products.php file's Category parameter. This a...
May 21, 2025About Injection (CWE-74)
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Our database tracks 2,221 CVEs classified as CWE-74, with 118 rated critical and 1,301 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →
Monitor Injection Vulnerabilities
Get alerted when new Injection CVEs affect your infrastructure.
Start Monitoring Free