Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type.
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=.
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-result.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as critical, has been found in PHPGurukul Apartment Visitors Management System 1.0. This issue affects some unknown processing of the file /admin/pass-details.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=.
SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=.
A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=.
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.
A vulnerability classified as critical was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259453 was assigned to this vulnerability.
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=save_payment. The manipulation of the argument registration_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259071.
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=.
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=.
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=delete_trainer. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager allows remote attackers to execute arbitrary SQL commands via the id parameter.
A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability.
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords)
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue