Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php.
SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author allows SQL Injection.This issue affects WP Post Author: from n/a through 3.8.2.
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements.
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=.
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=.
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=.
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.
An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=.
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=.
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.
A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter.
Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=.
Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.
College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=.
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=.
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter via the 'create_stripe_subscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php.
A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/normal-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266273 was assigned to this vulnerability.
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php.
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php.
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=.
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters.
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php.
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.