| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php. |
| CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running. |
| SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php. |
| SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php. |
| AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information. |
| The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. |
| Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. |
| An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump. |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. |
| Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. |
| doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. |
| PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. |
| HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. |
| HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. |
| phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. |
| An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. |
| A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. |
| Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). |
| BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can result in sensitive information being extracted from the database, eventually leading into an application takeover. This vulnerability was introduced as a result of the developer trying to roll their own sanitization implementation in order to allow the application to be used in legacy environments. |
