SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (aka the search module) in Pre Job Board allow remote attackers to execute arbitrary SQL commands via the (1) position or (2) kw parameter.
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php.
A vulnerability was found in code-projects Online Quiz Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file signupuser.php. The manipulation of the argument lid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.
A vulnerability was found in code-projects Student Record System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument regno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230.
SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter.
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save_client of the component User Registration Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.
A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.
Calibre-Web before 0.6.18 allows user table SQL Injection.
A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.