EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /manage/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 /admin/emailrichment/usersunlist.php?CUSTOMER_ID_INNER=1 and by doing that, the attacker can run Remote Code Execution in one liner.
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter.
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request.
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3.
The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter.
PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php.
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile().
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src.
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259905 was assigned to this vulnerability.
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.