CWE-74 4960 個 CVE MITRE 定義 ↗

CWE-74:Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

概覽

CWE-74(Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-16014 2026-07-17 A vulnerability was found in code-projects Hospital Bed Management System 1.0. This affects an unknown part of the component Login Form. Performing a manipulation of the argument Username results in s…
CVE-2026-16009 2026-07-17 A vulnerability was detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /prescriptionorderdetail.php. The manipulation of the argument delid results in…
CVE-2026-44182 2026-07-16 Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates unt…
CVE-2026-54728 2026-07-16 bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API imprope…
CVE-2026-15907 2026-07-15 A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=log_fw_nbc_mail_jsondata. Executing a manipulation of the argument subject can l…
CVE-2026-56699 2026-07-15 Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smu…
CVE-2026-15703 2026-07-14 A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulatio…
CVE-2026-15676 2026-07-14 A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sq…
CVE-2026-15675 2026-07-14 A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sq…
CVE-2026-15672 2026-07-14 A vulnerability was determined in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /intrams/admin/add_judges.php. This manipulation of the argument fname causes …
CVE-2026-15597 2026-07-13 A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /edit_exam2.php. Performing a manipulation of the argume…
CVE-2026-15559 2026-07-13 A vulnerability was detected in CodeAstro Simple Online Leave Management System 1.0. This affects an unknown part of the file /SimpleOnlineLeave/admin/accept.php of the component POST Handler. Perform…
CVE-2026-15558 2026-07-13 A security vulnerability has been detected in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/deletemp.ph…
CVE-2026-15537 2026-07-13 A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username resul…
CVE-2026-15536 2026-07-13 A vulnerability was identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patviewprescription.php. The manipulation of the argument delid leads to sql in…
CVE-2026-15533 2026-07-13 A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Colum…
CVE-2026-15523 2026-07-12 A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This man…
CVE-2026-15517 2026-07-12 A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql inje…
CVE-2026-15514 2026-07-12 A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote…
CVE-2026-15512 2026-07-12 A vulnerability was identified in pig-mesh Pig up to 3.9.2. Affected by this issue is some unknown functionality of the file \pig-master\pig-visual\pig-codegen\src\main\java\com\pig4cloud\pig\codegen\…

曾用名

  • Injection (2008-04-11)
  • Failure to Sanitize Data into a Different Plane (aka 'Injection') (2009-05-27)
  • Failure to Sanitize Data into a Different Plane ('Injection') (2010-06-21)

內容提交

名稱
CLASP
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-08-15 1.0 Suggested OWASP Top Ten 2004 mapping
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2009-01-12 CWE Content Team 1.2 updated Relationships
2009-05-27 CWE Content Team 1.4 updated Name, Related_Attack_Patterns
2009-07-27 CWE Content Team 1.5 updated Relationships
2009-10-29 CWE Content Team 1.6 updated Description, Other_Notes
2010-02-16 CWE Content Team 1.8 updated Relationships
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2010-06-21 CWE Content Team 1.9 updated Description, Name
2010-12-13 CWE Content Team 1.11 updated Common_Consequences, Relationship_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-02-18 CWE Content Team 2.6 updated Related_Attack_Patterns
2014-06-23 CWE Content Team 2.7 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Potential_Mitigations, Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships
2018-03-27 CWE Content Team 3.1 updated Relationships
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns, Relationships
2020-02-24 CWE Content Team 4.0 updated References, Relationship_Notes, Relationships, Theoretical_Notes
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns, Relationships
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-04-28 CWE Content Team 4.7 updated Demonstrative_Examples, Related_Attack_Patterns
2022-06-28 CWE Content Team 4.8 updated Observed_Examples
2022-10-13 CWE Content Team 4.9 updated Observed_Examples
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-07-16 CWE Content Team 4.15 updated Observed_Examples
2024-11-19 CWE Content Team 4.16 updated Demonstrative_Examples, Observed_Examples
2025-09-09 CWE Content Team 4.18 updated Demonstrative_Examples
2025-12-11 CWE Content Team 4.19 updated Demonstrative_Examples, Description, Diagram, Maintenance_Notes, Other_Notes, References, Relationships
2026-04-30 CWE Content Team 4.20 updated Mapping_Notes

貢獻

類型 名稱 日期 評論
Content Nadav Noy, Roy Blit 2022-10-24 Suggested CI/CD coverage and provided demonstrative example
cvelogic Threat Intelligence