The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.

A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.

A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259451.

SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.

A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.

SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.

XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.

SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter.

SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.

SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.

SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.

SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit1.php. The manipulation of the argument sno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.

SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.

Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.

FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.

SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action.

The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.

SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."

A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259463.

SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.

SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.