Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_type.
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_amenity.
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=delete_estate.
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue.
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.
A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.
SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.
A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation of the argument main_event can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.