SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.
Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925.
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /login_timeee.php. Performing manipulation of the argument emp_id results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php.
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords iparameter under the /coreframe/app/order/admin/card.php file.
A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.
A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.
A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /login_query12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344.
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.