CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Yearly Trend
Top Affected Vendors
All Injection CVEs (2,224)
This SQL injection vulnerability in PHPGurukul/Campcodes Online Shopping Portal 1.0 allows attackers to manipulate database queries through the Catego...
May 22, 2025Campcodes Online Shopping Portal 1.0 contains a critical SQL injection vulnerability in the /admin/edit-products.php file's Category parameter. This a...
May 21, 2025A critical SQL injection vulnerability exists in Campcodes Online Shopping Portal 1.0, specifically in the /admin/edit-category.php file's Category pa...
May 21, 2025This critical SQL injection vulnerability in Online Time Table Generator 1.0 allows remote attackers to execute arbitrary SQL commands via the 'e' par...
May 20, 2025CVE-2025-5004 is a critical SQL injection vulnerability in projectworlds Online Time Table Generator 1.0 that allows remote attackers to execute arbit...
May 20, 2025This critical SQL injection vulnerability in SourceCodester Client Database Management System 1.0 allows remote attackers to execute arbitrary SQL com...
May 20, 2025This critical SQL injection vulnerability in Daily College Class Work Report Book 1.0 allows remote attackers to execute arbitrary SQL commands via th...
May 19, 2025CVE-2025-4936 is a critical SQL injection vulnerability in projectworlds Online Food Ordering System 1.0 that allows remote attackers to execute arbit...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System allows attackers to manipulate database q...
May 19, 2025A critical SQL injection vulnerability exists in the Online Lawyer Management System 1.0, specifically in the lawyer_registation.php file's email para...
May 19, 2025A critical SQL injection vulnerability in Campcodes Online Shopping Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the billi...
May 19, 2025Campcodes Online Shopping Portal 1.0 contains a critical SQL injection vulnerability in the /my-account.php file's Name parameter. Attackers can remot...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul Online Marriage Registration System 1.0 allows remote attackers to execute arbitrary SQL comma...
May 19, 2025A critical SQL injection vulnerability exists in SourceCodester Client Database Management System 1.0 through the /user_void_transaction.php file's or...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul Auto Taxi Stand Management System 1.0 allows attackers to manipulate database queries via the ...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul Auto Taxi Stand Management System 1.0 allows remote attackers to execute arbitrary SQL command...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows remote attackers to execute arbitrary SQL commands via the 'v...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows attackers to manipulate database queries through the 'aname' ...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul Daily Expense Tracker System 1.1 allows remote attackers to execute arbitrary SQL commands via...
May 19, 2025This critical SQL injection vulnerability in PHPGurukul Notice Board System 1.0 allows attackers to manipulate database queries through the Username p...
May 19, 2025CVE-2025-4899 is a critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 that allows remote attackers to execute arbitrary ...
May 18, 2025A critical SQL injection vulnerability in SourceCodester Doctors Appointment System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
May 18, 2025A critical SQL injection vulnerability in itsourcecode Sales and Inventory System 1.0 allows attackers to execute arbitrary SQL commands via the 'seri...
May 18, 2025This critical SQL injection vulnerability in Restaurant Management System 1.0 allows attackers to execute arbitrary SQL commands through the username/...
May 18, 2025CVE-2025-4875 is a critical SQL injection vulnerability in Campcodes Online Shopping Portal 1.0 that allows remote attackers to execute arbitrary SQL ...
May 18, 2025This critical SQL injection vulnerability in PHPGurukul News Portal 4.1 allows attackers to manipulate database queries through the login page's usern...
May 18, 2025A critical SQL injection vulnerability in itsourcecode Restaurant Management System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
May 18, 2025This critical SQL injection vulnerability in itsourcecode Restaurant Management System 1.0 allows attackers to execute arbitrary SQL commands via the ...
May 18, 2025This critical SQL injection vulnerability in PHPGurukul Beauty Parlour Management System allows attackers to manipulate database queries through the c...
May 18, 2025CVE-2025-4837 is a critical SQL injection vulnerability in Projectworlds Student Project Allocation System 1.0 that allows remote attackers to execute...
May 17, 2025This critical SQL injection vulnerability in SourceCodester Doctor's Appointment System 1.0 allows remote attackers to execute arbitrary SQL commands ...
May 17, 2025This critical SQL injection vulnerability in SourceCodester Doctor's Appointment System 1.0 allows remote attackers to execute arbitrary SQL commands ...
May 17, 2025Campcodes Sales and Inventory System 1.0 contains a critical SQL injection vulnerability in the supplier_update.php file that allows remote attackers ...
May 17, 2025This critical SQL injection vulnerability in PHPGurukul Human Metapneumovirus Testing Management System 1.0 allows remote attackers to execute arbitra...
May 16, 2025This critical SQL injection vulnerability in PHPGurukul Online Course Registration 3.1 allows attackers to manipulate database queries through the 'ne...
May 16, 2025CVE-2025-4785 is a critical SQL injection vulnerability in PHPGurukul Daily Expense Tracker System 1.1 that allows attackers to manipulate database qu...
May 16, 2025Campcodes Sales and Inventory System 1.0 contains a critical SQL injection vulnerability in the purchase_delete.php file that allows remote attackers ...
May 16, 2025Campcodes Sales and Inventory System 1.0 contains a critical SQL injection vulnerability in the /pages/purchase_add.php file that allows remote attack...
May 16, 2025CVE-2025-4739 is a critical SQL injection vulnerability in ProjectWorlds Hospital Database Management System 1.0 that allows remote attackers to execu...
May 16, 2025This critical SQL injection vulnerability in PHPGurukul Daily Expense Tracker 1.1 allows attackers to manipulate database queries through the email pa...
May 16, 2025This critical SQL injection vulnerability in itsourcecode Placement Management System 1.0 allows attackers to manipulate database queries through the ...
May 15, 2025This critical SQL injection vulnerability in SourceCodester Best Online News Portal 1.0 allows remote attackers to execute arbitrary SQL commands via ...
May 15, 2025A critical SQL injection vulnerability in itsourcecode Placement Management System 1.0 allows remote attackers to execute arbitrary SQL commands via t...
May 15, 2025A critical SQL injection vulnerability exists in the itsourcecode Placement Management System 1.0, specifically in the /student_profile.php file's ID ...
May 15, 2025This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows attackers to execute arbitrary SQL commands via the 'last...
May 15, 2025CVE-2025-4721 is a critical SQL injection vulnerability in itsourcecode Placement Management System 1.0 that allows remote attackers to execute arbitr...
May 15, 2025Campcodes Sales and Inventory System 1.0 contains a critical SQL injection vulnerability in the /pages/credit_transaction_add.php file via the prod_na...
May 15, 2025This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via th...
May 15, 2025A critical SQL injection vulnerability exists in Campcodes Sales and Inventory System 1.0, specifically in the /pages/transaction_del.php file's ID pa...
May 15, 2025This critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 allows remote attackers to execute arbitrary SQL commands via th...
May 15, 2025About Injection (CWE-74)
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Our database tracks 2,224 CVEs classified as CWE-74, with 119 rated critical and 1,303 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →
Monitor Injection Vulnerabilities
Get alerted when new Injection CVEs affect your infrastructure.
Start Monitoring Free