SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_service.
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php.
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.
The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction.
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=.
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php.
Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist Cloud plugin <= 5.00 versions.
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bookings/update_status.php.
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.
Simple Cold Storage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=bookings/view_details.
A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php.
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php.
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message.
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.
A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipulation of the argument cid/uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client.
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.
Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.
Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.
A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php.
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment.
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking.
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.
Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category.
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower.
SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise.
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.