A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /user_registation.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.
A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.
SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter.
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields.
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter.
A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246.
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.
SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?admin_banned/add.htm.
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
SQL injection vulnerability in SourceCodester Alumni Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to manage_event.php.
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.