School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.
A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file subject.php of the component Subject Page. The manipulation of the argument update leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269491.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php.
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.
A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter.
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226980.
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.
Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.
A vulnerability was found in Campcodes Online Thesis Archiving System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/departments/view_department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226265 was assigned to this vulnerability.
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.
The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
A vulnerability classified as critical has been found in Campcodes Online Thesis Archiving System 1.0. This affects an unknown part of the file /admin/curriculum/view_curriculum.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226269 was assigned to this vulnerability.
A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226267.
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the `aggregations` object. The `name` field in this `aggregations` object is vulnerable SQL-injection and can be exploited using SQL parameters. Update to Shopware 6.6.5.1 or 6.5.8.13 to receive a patch. For older versions of 6.1, 6.2, 6.3, and 6.4, corresponding security measures are also available via a plugin.
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product.
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.
A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.
SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter.
BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. This issue affects Vehicle Tracking System: before 8.
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been classified as critical. This affects an unknown part of the file watch.php. The manipulation of the argument code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225915.
The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.
SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the 'id' parameter.
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
A vulnerability has been found in SourceCodester Judging Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_contestant.php. The manipulation of the argument contestant_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226147.
A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability.
A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in novel-plus 3.6.2. Affected by this vulnerability is an unknown functionality of the file /category/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue affects SSO (Single Sign On): from 1.0 before 1.1.
A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/candidates_row.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225938 is the identifier assigned to this vulnerability.
A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability.
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103.
Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.
A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936.
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability.