Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the component news_News.php_hy.
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.
A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210784.
Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php.
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=.
A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=.
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=.
A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=.
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=.
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=.
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=.
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction.
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=.
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu.
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.