Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet.
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete.
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=.
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=.
There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488).
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany.
Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category.
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=.
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php.
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=.
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=.
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=.
College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=.
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=.
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id=
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\feature_edit.php.
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=.
Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.
Wedding Management System v1.0 is vulnerable to SQL Injection. via /Wedding-Management/admin/budget.php?booking_id=.
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=.
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions.
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php.
Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.