A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in PHPGurukul BP Monitoring Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=.
A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/edit_room.php. The manipulation of the argument room_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.
A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=.
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.
A vulnerability was found in deerwms deer-wms-2 up to 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/unallocatedList. The manipulation of the argument params[dataScope] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=.
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usuàrio Page. Such manipulation of the argument nm_tipo leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=.
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.
Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=.
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /edit_staff.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php.
Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login.
A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=.
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4
A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room.
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=.
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=.
A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=.