A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php.
SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php.
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php.
Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability.
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php.
SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1.
SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php.
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.
Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.
SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975.
Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.
SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.
SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php.
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php.
SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. .
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter.