SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.

Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.

SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.

SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.

SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.

SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.

Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.

SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information.

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.

In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.

SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.

SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.

SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.

SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is not now possible to use SQL queries as part of the query string. No installation or patch is required All clients use a common code library and have their own front end and databases and connections. So as soon as a change / upgrade / enhancement is made to the code, all users of the software begin to use the latest changes immediately." Since the issue appeared in a custom web site and no action is required on the part of customers, this issue should not be included in CVE

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.

SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl.

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.

Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.

SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter.

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.

SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.

A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.

SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter.

SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.

Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory.

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=.

EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php

SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type.

Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field.