Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.100.
SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230580.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.This issue affects Parking Web Report: before 2.1.
LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.
A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Affected by this issue is the function actionDel of the file ?r=dashboard/approval/del. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-230690 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.
Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953.
SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.
NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.
The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
A vulnerability classified as critical has been found in code-projects Agro-School Management System 1.0. Affected is the function doUpdateQuestion of the file btn_functions.php. The manipulation of the argument question_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230670 is the identifier assigned to this vulnerability.
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability affects unknown code of the file /protocol/iscuser/uploadiscuser.php of the component JSON Content Handler. The manipulation of the argument messagecontent leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266848. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568.
A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.
The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2.
Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.
SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.
A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code via a crafted input.
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_prices.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230347.
Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.
SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.
SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_details.php allows attackers to gain sensitive information.
A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability.
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.
OURPHP <= 7.2.0 is vulnerable to SQL Injection.
Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.
A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability.
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.
Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.
Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2.
lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.
Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.
Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.