An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.
Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection. This issue affects Parking Web Report: before 2.1.
A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /new_school_year.php. The manipulation of the argument sy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=.
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter.
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.
SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system.
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.
A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirm_order.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed.
A vulnerability was found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /subject/controller.php. The manipulation results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation Sysytem 1.0 via the sid parameter.
A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.
Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.
A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument user_email can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file.
SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.
PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php.
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection. This issue affects Florist Site: before 3.0.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.
A vulnerability was detected in SourceCodester Best House Rental Management System 1.0. Affected by this vulnerability is the function save_category of the file /admin_class.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4.
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
An SQL Injection vulnerability exists in Courcecodester COVID 19 Testing Management System (CTMS) 1.0 via the (1) username and (2) contactno parameters.
A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.
An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database.
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.