Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.
Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking.
elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=.
A vulnerability, which was classified as critical, has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file admin/mod_room/index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259454 is the identifier assigned to this vulnerability.
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-artist-detail.php?editid=1. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Multiple SQL injection vulnerabilities in SmartCMS v.2.
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.
A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207845 was assigned to this vulnerability.
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.
Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4.
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature.
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=.
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php.
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status
Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php.
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar=
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service.
Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.
The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manage_service.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
A vulnerability has been found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-art-type-detail.php?editid=1. The manipulation of the argument arttype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add-art-product.php. The manipulation of the argument arttype leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header.
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.
Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.
Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php.
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=.