A vulnerability was determined in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/save_student.php. Executing manipulation of the argument class_id can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of the argument User results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.
A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025.
A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/sup_edit1.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /home.php. The manipulation of the argument type leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272802 is the identifier assigned to this vulnerability.
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database.
A vulnerability has been found in code-projects Hostel Management System 1.0. This impacts an unknown function of the file /justines/admin/mod_amenities/index.php?view=view. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument staffId leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
A weakness has been identified in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the argument searchdata results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
A flaw has been found in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/bidlist.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/us_edit1.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
A flaw has been found in ProjectsAndPrograms School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file owner_panel/fetch-data/select-students.php. This manipulation of the argument select causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
A security flaw has been discovered in SourceCodester Farm Management System 1.0. Affected by this issue is some unknown functionality of the file /uploadProduct.php. Performing manipulation of the argument Type results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /edit_curr.php. Such manipulation of the argument currsymbol leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manage_user.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
A vulnerability was detected in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/wew.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/edit_order_details.php. The manipulation of the argument order_id results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/pro_edit1.php. The manipulation of the argument prodcode leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php. Such manipulation of the argument class_name leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.
A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.