SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.
SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.
A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability.
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter.
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.
SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.
A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
ISPConfig before 3.2.2 allows SQL injection.
SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter.
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.