Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047.
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.
elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.
Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183.
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-passreports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability.
A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. This vulnerability affects unknown code of the file /my-profile.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file /admin/singlelogin.php?submit=1. The manipulation of the argument loginId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248265 was assigned to this vulnerability.
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.
Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/add-item.php. The manipulation of the argument price leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249005 was assigned to this vulnerability.
SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.
A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.
Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php.
A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1_verified leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_plan. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.
SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.