A weakness has been identified in code-projects Online Complaint Site 1.0. Impacted is an unknown function of the file /cms/users/complaint-details.php. Executing manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. This product adopts a rolling release strategy to maintain continuous delivery
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
A vulnerability was detected in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /user/dashboard.php?page=update_profile. The manipulation of the argument phone results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. Other parameters might be affected as well.
A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114. It has been classified as critical. Affected is an unknown function of the file addPolicyToSafetyGroup.jsp. The manipulation of the argument safetyGroupId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was identified in code-projects E-Commerce Website 1.0. The impacted element is an unknown function of the file /pages/product_add_qty.php. The manipulation of the argument prod_id leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
A vulnerability has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/Cadastro/aluno. The manipulation of the argument is leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
A vulnerability was determined in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown part of the file /pages/save_tax.php. Executing manipulation of the argument percentage can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /del_booking.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259070 is the identifier assigned to this vulnerability.
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep(10),3,4,5 --+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
A security flaw has been discovered in code-projects Simple Banking System 1.0. This issue affects some unknown processing of the file /createuser.php. Performing manipulation of the argument Name results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of the argument ename can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/voters_add.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. Other parameters might be affected as well.
A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Impacted is an unknown function of the file /admin/vacancy/index.php?view=edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/delete_user.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A weakness has been identified in SourceCodester Farm Management System 1.0. This issue affects some unknown processing of the file /myCart.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
XSS & SQLi in HugeIT slideshow v1.0.4
A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Affected is an unknown function of the file admin/edit_admin_query.php. The manipulation of the argument username/password/name/admin_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259104.
A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
A security flaw has been discovered in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/users/register-complaint.php. Performing manipulation of the argument cid results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
A vulnerability was identified in Campcodes Society Membership Information System 1.0. This issue affects some unknown processing of the file /check_student.php. Such manipulation of the argument student_id leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /pages/save_room.php. The manipulation of the argument floorno leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.
A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters might be affected as well.
A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
A weakness has been identified in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
A security vulnerability has been detected in itsourcecode Open Source Job Portal 1.0. This impacts an unknown function of the file /jobportal/admin/category/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
A security flaw has been discovered in SourceCodester Farm Management System 1.0. Affected by this issue is some unknown functionality of the file /uploadProduct.php. Performing manipulation of the argument Type results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /pages/save_curr.php. This manipulation of the argument currcode causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing a manipulation of the argument cate_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/print-payment.php. This manipulation of the argument sql111 causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /pages/save_customer.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.