SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /edit_curr.php. Such manipulation of the argument currsymbol leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter.
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/edit_department.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter.
A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass.
In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
A security vulnerability has been detected in code-projects Project Management System 1.0. Affected is an unknown function of the file chk.php of the component Login. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of the argument delid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.
The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request.
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument subject leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.