A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file edit-category.php. The manipulation of the argument categorycode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the argument med_name/med_cat/ex_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bookmark.php?bookmark=1. The manipulation of the argument bookmark leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260764.
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /admin/add-team.php. The manipulation of the argument teammember leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mcc_login.jsp. The manipulation of the argument workerid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. This vulnerability affects unknown code of the file /admin/workin-progress-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/view--detail.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file edit-company.php. The manipulation of the argument companyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
A vulnerability classified as critical has been found in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/view-outgoingvehicle-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the file /admin/voters_edit.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in code-projects Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions_row.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. This issue affects some unknown processing of the file /admin/team-ontheway-requests.php. The manipulation of the argument teamid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to 8.2. This affects an unknown part of the file /admin/system/structure/getdirectorydata/web/baseinfo/companyManage. The manipulation of the argument Struccture_ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /user/send_message.php. The manipulation of the argument msg leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/addmember.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/add-animals.php. The manipulation of the argument cnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice.
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. Affected is an unknown function of the file /admin/reg-users.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/assigned-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL expressions.
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
A vulnerability, which was classified as critical, was found in PHPGurukul Online Library Management System 3.0. This affects an unknown part of the file /admin/student-history.php. The manipulation of the argument stdid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3. It has been classified as critical. This affects an unknown part of the file /admin/manage-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /admin/manage-site.php. The manipulation of the argument webtitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-normal-ticket.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.