Pradeep Makone wordpress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appear to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.
SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php.
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability.
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action.
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.
SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.
SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.
A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. This affects an unknown part of the file /test-details.php. The manipulation of the argument remark leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.
SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.
SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.