SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
SQL injection in Logon Page in MV's mConnect application, v02.001.00, allows an attacker to use a non existing user with a generic password to connect to the application and get access to unauthorized information.
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database.
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request.
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.
A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the control_task.php, control_project.php, default_user.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information.
A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). ¶¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection.
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.