Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.
A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/print_inv.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
A security flaw has been discovered in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=User&userid=.
Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup.
The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.
A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451.
Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp.
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Affected is an unknown function of the file /admin/index.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159).
Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent.
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.
Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field.
A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1.
A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.
mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=type&userrole=Admin&userid=3.
An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed.
A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters.
EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php
MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.