Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.
13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter.
SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.
SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.
SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter.
SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter.
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java.
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=read_msg of the component POST Parameter Handler. The manipulation of the argument convo_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230348.
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter.
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.
SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php.
SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.
SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text box.
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter.
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.