Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=.
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=.
SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=.
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=.
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=.
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action.
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.
IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page" parameter. NOTE: The product is discontinued.
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns.
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.
Deltek Vision 7.x before 7.6 permits the execution of any attacker supplied SQL statement through a custom RPC over HTTP protocol. The Vision system relies on the client binary to enforce security rules and integrity of SQL statements and other content being sent to the server. Client HTTP calls can be manipulated by one of several means to execute arbitrary SQL statements (similar to SQLi) or possibly have unspecified other impact via this custom protocol. To perform these attacks an authenticated session is first required. In some cases client calls are obfuscated by encryption, which can be bypassed due to hard-coded keys and an insecure key rotation protocol. Impacts may include remote code execution in some deployments; however, the vendor states that this cannot occur when the installation documentation is heeded.
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=.
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.