Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=.

SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.

Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=.

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature.

Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php.

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.

Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.

Calibre-Web before 0.6.18 allows user table SQL Injection.

In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.

SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.

Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php.

SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility.

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.

Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.

Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.

SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.

SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.

In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.

elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php.

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=.

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart.

SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.

School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59.

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory.

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.

SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.

SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.

SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.

SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.