Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.This issue affects WBW Product Table PRO: from n/a through 1.9.4.
A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n/a through 1.4.
The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.
A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulation of the argument user leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database.
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_company.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface
A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Affected by this vulnerability is an unknown functionality of the file /php-music/classes/Master.php?f=delete_music. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3.
SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.
Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the targeted product.
A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355.
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.
Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.
Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veon Computer Service Tracking Software allows SQL Injection.This issue affects Service Tracking Software: before crm 2.0.
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /incedit.php?id=4. The manipulation of the argument id/inccat/desc/date/amount leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to retrieve, create, update and delete databases through the id_concesion parameter in /<Client>FacturaE/DescargarFactura.
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file mybill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /add_drive.php. The manipulation of the argument drive_title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.
A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/phone/email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.
A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ parameter of the ‘ValidateUserAndGetData’ endpoint.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.