A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
The Fontsy WordPress plugin through 1.8.6 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. The manipulation of the argument qty leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/confirm_reserve.php. The manipulation of the argument transaction_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus1.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /contact_manager.php. The manipulation of the argument student_roll_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Hostel Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /empty_rooms.php. The manipulation of the argument search_box leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/account_add.php. The manipulation of the argument id/amount leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /cart.php. The manipulation of the argument qty[] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions.
A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact.php. The manipulation of the argument hostel_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /function/edit_customer.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.
Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visit.php. The manipulation of the argument gname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml.
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands
SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().`
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access.
WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of the argument search_box leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument id can result in SQL injection.
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml.
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/checkout_query.php. The manipulation of the argument transaction_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversation_id parameter.
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/view_category.php. Manipulating the argument id can result in SQL injection.
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights.
In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().'
DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection.
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Users in '/report/printlogs.php' parameter.
A SQL injection vulnerability in /model/get_teacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter.
A vulnerability has been found in code-projects Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execedituser.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add_room.php. The manipulation of the argument room_type leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in SourceCodester Online Courseware 1.0. It has been classified as critical. This affects an unknown part of the file admin/deactivatestud.php. The manipulation of the argument selector leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259593 was assigned to this vulnerability.