CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Yearly Trend
Top Affected Vendors
All Injection CVEs (2,231)
This critical SQL injection vulnerability in PHPGurukul Online Birth Certificate System 1.0 allows attackers to execute arbitrary SQL commands via the...
May 2, 2025This critical vulnerability allows remote attackers to execute SQL injection attacks through the Username parameter in the /login.php file of PHPGuruk...
May 1, 2025This critical SQL injection vulnerability in PHPGurukul Employee Record Management System 1.3 allows attackers to manipulate database queries via the ...
May 1, 2025A critical SQL injection vulnerability exists in PHPGurukul Park Ticketing Management System 2.0 through the adminname parameter in /profile.php. This...
May 1, 2025This critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System 1.0 allows attackers to execute arbitrary SQL commands via the...
May 1, 2025This critical SQL injection vulnerability in PHPGurukul Student Record System allows remote attackers to execute arbitrary SQL commands via the 'cours...
Apr 30, 2025This critical vulnerability in PHPGurukul Student Record System allows remote attackers to execute arbitrary SQL commands via the 'sub1' parameter in ...
Apr 30, 2025This critical SQL injection vulnerability in PHPGurukul Curfew e-Pass Management System 1.0 allows remote attackers to execute arbitrary SQL commands ...
Apr 29, 2025This critical SQL injection vulnerability in PHPGurukul Student Record System 3.20 allows attackers to manipulate database queries through the change-...
Apr 29, 2025This critical SQL injection vulnerability in PHPGurukul Rail Pass Management System 1.0 allows attackers to manipulate database queries via the editid...
Apr 29, 2025This critical SQL injection vulnerability in PHPGurukul Notice Board System 1.0 allows attackers to manipulate database queries through the catname pa...
Apr 29, 2025CVE-2025-4058 is a critical SQL injection vulnerability in Projectworlds Online Examination System 1.0 that allows remote attackers to execute arbitra...
Apr 29, 2025This critical SQL injection vulnerability in PHPGurukul Rail Pass Management System 1.0 allows attackers to execute arbitrary SQL commands via the sea...
Apr 28, 2025This critical SQL injection vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 allows remote attackers to execute arbitrary SQL com...
Apr 28, 2025This critical SQL injection vulnerability in PHPGurukul COVID19 Testing Management System 1.0 allows remote attackers to execute arbitrary SQL command...
Apr 28, 2025This critical SQL injection vulnerability in PHPGurukul COVID19 Testing Management System 1.0 allows attackers to execute arbitrary SQL commands via t...
Apr 28, 2025This critical SQL injection vulnerability in PHPGurukul Nipah Virus Testing Management System 1.0 allows attackers to manipulate database queries thro...
Apr 28, 2025This critical SQL injection vulnerability in itsourcecode Placement Management System 1.0 allows attackers to execute arbitrary SQL commands via the d...
Apr 28, 2025This critical SQL injection vulnerability in itsourcecode Placement Management System 1.0 allows attackers to execute arbitrary SQL commands via the N...
Apr 28, 2025A critical SQL injection vulnerability exists in PHPGurukul Art Gallery Management System 1.0, allowing remote attackers to execute arbitrary SQL comm...
Apr 28, 2025This critical SQL injection vulnerability in PHPGurukul COVID19 Testing Management System 1.0 allows remote attackers to execute arbitrary SQL command...
Apr 28, 2025A critical SQL injection vulnerability in CodeAstro Membership Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
Apr 28, 2025This critical SQL injection vulnerability in PHPGurukul COVID19 Testing Management System 1.0 allows attackers to manipulate database queries via the ...
Apr 27, 2025This critical SQL injection vulnerability in PHPGurukul COVID19 Testing Management System 1.0 allows remote attackers to execute arbitrary SQL command...
Apr 27, 2025This critical SQL injection vulnerability in PHPGurukul COVID19 Testing Management System 1.0 allows attackers to execute arbitrary SQL commands via t...
Apr 27, 2025This critical SQL injection vulnerability in markparticle WebServer allows attackers to execute arbitrary SQL commands via the login username/password...
Apr 21, 2025This critical SQL injection vulnerability in PHPGurukul Men Salon Management System 1.0 allows attackers to manipulate database queries through the fr...
Apr 20, 2025This critical SQL injection vulnerability in PHPGurukul Men Salon Management System 1.0 allows attackers to manipulate database queries through the em...
Apr 20, 2025This critical SQL injection vulnerability in PHPGurukul Men Salon Management System 1.0 allows attackers to execute arbitrary SQL commands through the...
Apr 19, 2025This critical SQL injection vulnerability in WCMS 11 allows remote attackers to execute arbitrary SQL commands by manipulating email/username paramete...
Apr 19, 2025This critical SQL injection vulnerability in SourceCodester Web-based Pharmacy Product Management System 1.0 allows remote attackers to execute arbitr...
Apr 16, 2025This critical SQL injection vulnerability in PHPGurukul Men Salon Management System 1.0 allows attackers to manipulate database queries through the ed...
Apr 16, 2025A critical SQL injection vulnerability in ESAFENET CDG allows remote attackers to execute arbitrary SQL commands via the noticeId parameter in /parame...
Apr 8, 2025A critical SQL injection vulnerability exists in ESAFENET CDG version 5.6.3.154.205_20250114, specifically in the /pubinfo/updateNotice.jsp file via t...
Apr 8, 2025This critical SQL injection vulnerability in 1000 Projects Human Resource Management System 1.0 allows attackers to manipulate database queries throug...
Apr 7, 2025This critical SQL injection vulnerability in PHPGurukul Men Salon Management System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Apr 7, 2025This critical SQL injection vulnerability in PHPGurukul Old Age Home Management System 1.0 allows attackers to manipulate database queries through the...
Apr 7, 2025This critical SQL injection vulnerability in PHPGurukul Old Age Home Management System allows attackers to manipulate database queries through the vie...
Apr 7, 2025CVE-2025-3345 is a critical SQL injection vulnerability in codeprojects Online Restaurant Management System 1.0 that allows remote attackers to execut...
Apr 7, 2025This critical SQL injection vulnerability in codeprojects Online Restaurant Management System 1.0 allows attackers to manipulate database queries thro...
Apr 7, 2025This critical SQL injection vulnerability in codeprojects Online Restaurant Management System 1.0 allows attackers to execute arbitrary SQL commands v...
Apr 7, 2025A critical SQL injection vulnerability exists in codeprojects Online Restaurant Management System 1.0, specifically in the /admin/user_save.php file's...
Apr 7, 2025CVE-2025-3337 is a critical SQL injection vulnerability in codeprojects Online Restaurant Management System 1.0 that allows remote attackers to execut...
Apr 7, 2025CVE-2025-3335 is a critical SQL injection vulnerability in codeprojects Online Restaurant Management System 1.0 that allows remote attackers to execut...
Apr 7, 2025This critical SQL injection vulnerability in codeprojects Online Restaurant Management System 1.0 allows attackers to execute arbitrary SQL commands v...
Apr 7, 2025A critical SQL injection vulnerability exists in codeprojects Online Restaurant Management System 1.0 via the 'mode' parameter in /payment_save.php. T...
Apr 7, 2025This critical SQL injection vulnerability in codeprojects Online Restaurant Management System 1.0 allows attackers to execute arbitrary SQL commands t...
Apr 7, 2025This critical SQL injection vulnerability in PHPGurukul Men Salon Management System 1.0 allows attackers to execute arbitrary SQL commands via the sea...
Apr 6, 2025This critical SQL injection vulnerability in SourceCodester Apartment Visitor Management System 1.0 allows remote attackers to execute arbitrary SQL c...
Apr 6, 2025This critical SQL injection vulnerability in PHPGurukul Men Salon Management System 1.0 allows attackers to execute arbitrary SQL commands via the sid...
Apr 6, 2025About Injection (CWE-74)
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
Our database tracks 2,231 CVEs classified as CWE-74, with 124 rated critical and 1,304 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →
Monitor Injection Vulnerabilities
Get alerted when new Injection CVEs affect your infrastructure.
Start Monitoring Free