YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=.
IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=.
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court.
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname.
Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.
Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=.
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.
Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=.
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.
Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident.
A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report.
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_update.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability.
An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team.
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=.
A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user-profile.php. The manipulation of the argument fullname/contactnumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product.
A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument user_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-207847.
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=.
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. This affect 16.0.1 and 16.0.2 only. 16.0.0 or lower, and 16.0.3 or higher are not affected
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF.