CWE-74: Injection
The product constructs all or part of a command, data structure, or record using externally-influenced input, but does not neutralize or incorrectly neutralizes special elements that could modify the intended behavior.
All Injection CVEs (2,260)
A critical SQL injection vulnerability exists in code-projects Wazifa System 1.0, specifically in the /controllers/control.php file. Attackers can rem...
Feb 12, 2025
This critical SQL injection vulnerability in Codezips Gym Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'id'...
Feb 12, 2025
This critical SQL injection vulnerability in SourceCodester Best Church Management Software 1.1 allows remote attackers to execute arbitrary SQL comma...
Feb 12, 2025
This critical SQL injection vulnerability in Best Church Management Software allows remote attackers to execute arbitrary SQL commands by manipulating...
Feb 12, 2025
This vulnerability allows remote attackers to execute SQL injection attacks via the 'breject_id' parameter in the /dashboard/approve-reject.php file o...
Feb 12, 2025
A critical SQL injection vulnerability exists in Codezips Gym Management System 1.0, specifically in the /dashboard/admin/updateroutine.php file via t...
Feb 12, 2025
This critical SQL injection vulnerability in CodeZips Gym Management System 1.0 allows attackers to manipulate database queries through the login_id p...
Feb 12, 2025
This critical SQL injection vulnerability in 1000 Projects Bookstore Management System 1.0 allows attackers to manipulate database queries through the...
Feb 11, 2025
CVE-2025-1168 is a critical SQL injection vulnerability in SourceCodester Contact Manager with Export to VCF 1.0 that allows remote attackers to execu...
Feb 11, 2025
A critical SQL injection vulnerability in code-projects Job Recruitment 1.0 allows remote attackers to manipulate database queries through the userhas...
Feb 10, 2025
This critical SQL injection vulnerability in Tailoring Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the typeid ...
Feb 1, 2025
CVE-2025-0947 is a critical SQL injection vulnerability in itsourcecode Tailoring Management System 1.0 that allows remote attackers to execute arbitr...
Feb 1, 2025
CVE-2025-0945 is a critical SQL injection vulnerability in itsourcecode Tailoring Management System 1.0 that allows remote attackers to execute arbitr...
Feb 1, 2025
CVE-2025-0943 is a critical SQL injection vulnerability in Tailoring Management System 1.0 that allows remote attackers to execute arbitrary SQL comma...
Feb 1, 2025
This SQL injection vulnerability in Job Recruitment 1.0 allows remote attackers to execute arbitrary SQL commands via the 'n' parameter in /parse/_cal...
Jan 31, 2025
A critical SQL injection vulnerability in Codezips Gym Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the planid ...
Jan 30, 2025
This is a critical SQL injection vulnerability in code-projects Chat System version 1.0 and earlier. Attackers can remotely exploit the /user/addnewme...
Jan 30, 2025
This vulnerability allows remote attackers to execute SQL injection attacks on ESAFENET CDG V5 systems via the flowId parameter in the /todoDetail.jsp...
Jan 29, 2025
CVE-2025-0791 is a critical SQL injection vulnerability in ESAFENET CDG V5's /sdDoneDetail.jsp endpoint via the flowId parameter. This allows remote a...
Jan 29, 2025
This critical SQL injection vulnerability in ESAFENET CDG V5 allows remote attackers to execute arbitrary SQL commands via the 'id' parameter in the /...
Jan 28, 2025
This critical SQL injection vulnerability in ESAFENET CDG V5 allows remote attackers to execute arbitrary SQL commands via the flowId parameter in the...
Jan 28, 2025
This vulnerability allows remote attackers to execute SQL injection attacks via the 'aid' parameter in the /notice-edit.php file in Itechscripts Schoo...
Jan 26, 2025
This CVE describes a critical SQL injection vulnerability in JoeyBling bootplus's admin interface at /admin/sys/log/list. Attackers can exploit the lo...
Jan 24, 2025
This CVE describes a critical SQL injection vulnerability in JoeyBling bootplus software affecting the /admin/sys/role/list endpoint. Attackers can ex...
Jan 24, 2025
CVE-2025-0563 is a critical SQL injection vulnerability in Fantasy-Cricket 1.0 that allows remote attackers to execute arbitrary SQL commands via the ...
Jan 19, 2025
This critical SQL injection vulnerability in itsourcecode Farm Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
Jan 19, 2025
This critical SQL injection vulnerability in TDuckCloud tduck-platform allows remote attackers to execute arbitrary SQL commands by manipulating the '...
Jan 18, 2025
CVE-2025-0541 is a critical SQL injection vulnerability in Codezips Gym Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
Jan 17, 2025
This vulnerability allows remote attackers to execute SQL injection attacks via the 'expcat' parameter in the /expadd.php file of Tailoring Management...
Jan 17, 2025
A critical SQL injection vulnerability in 1000 Projects Attendance Tracking Management System 1.0 allows remote attackers to execute arbitrary SQL com...
Jan 17, 2025
This critical SQL injection vulnerability in Codezips Gym Management System 1.0 allows remote attackers to manipulate database queries through the uid...
Jan 17, 2025
CVE-2025-0532 is a critical SQL injection vulnerability in Codezips Gym Management System 1.0 that allows remote attackers to execute arbitrary SQL co...
Jan 17, 2025
This critical SQL injection vulnerability in code-projects Chat System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'id' para...
Jan 17, 2025
This critical vulnerability in Fanli2012 native-php-cms 1.0 allows remote attackers to execute SQL injection attacks via the 'id' parameter in the /fl...
Jan 15, 2025
This critical SQL injection vulnerability in Fanli2012 native-php-cms 1.0 allows remote attackers to execute arbitrary SQL commands via the 'id' param...
Jan 15, 2025
This critical SQL injection vulnerability in liujianview gymxmjpa 1.0 allows remote attackers to execute arbitrary SQL commands by manipulating the ty...
Jan 13, 2025
This is a critical SQL injection vulnerability in liujianview gymxmjpa 1.0 that allows remote attackers to execute arbitrary SQL commands via the hyna...
Jan 13, 2025
CVE-2025-0405 is a critical SQL injection vulnerability in liujianview gymxmjpa 1.0 that allows remote attackers to execute arbitrary SQL commands via...
Jan 13, 2025
This critical SQL injection vulnerability in Jeewms allows remote attackers to execute arbitrary SQL commands by manipulating the store_code parameter...
Jan 11, 2025
A critical SQL injection vulnerability in Codezips Project Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'na...
Jan 9, 2025
This CVE describes a critical SQL injection vulnerability in Sucms 1.0's admin_members.php file. Attackers can manipulate the 'uid' parameter to execu...
Jan 9, 2025
This vulnerability allows remote attackers to execute arbitrary SQL commands via the SEMCMS_Images.php file in SEMCMS's Image Library Management Page....
Jan 8, 2025
A critical SQL injection vulnerability in code-projects Online Book Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the 's' par...
Jan 7, 2025
CVE-2025-0298 is a critical SQL injection vulnerability in code-projects Online Book Shop 1.0 that allows remote attackers to execute arbitrary SQL co...
Jan 7, 2025
CVE-2025-0296 is a critical SQL injection vulnerability in code-projects Online Book Shop 1.0 that allows remote attackers to execute arbitrary SQL co...
Jan 7, 2025
This critical SQL injection vulnerability in Codezips Gym Management System 1.0 allows attackers to manipulate database queries through the m_id param...
Jan 5, 2025
This critical SQL injection vulnerability in Travel Management System 1.0 allows remote attackers to execute arbitrary SQL commands via manipulated pa...
Jan 5, 2025
This critical SQL injection vulnerability in Campcodes Student Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'i...
Jan 4, 2025
CVE-2025-0208 is a critical SQL injection vulnerability in code-projects Online Shoe Store 1.0 that allows remote attackers to execute arbitrary SQL c...
Jan 4, 2025
CVE-2025-0204 is a critical SQL injection vulnerability in code-projects Online Shoe Store 1.0 that allows remote attackers to execute arbitrary SQL c...
Jan 4, 2025
About Injection (CWE-74)
Our database tracks 2,260 CVEs classified as CWE-74, with 132 rated critical and 1,325 rated high severity. The average CVSS score for Injection vulnerabilities is 7.0.
External reference: View CWE-74 on MITRE CWE →