Simple Pizza Ordering System paymentportal.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter person in the file /paymentportal.php. The vulnerability can be...
CVE-2025-49853
CVE-2025-49853 affects ControlID iDSecure On-premises versions 4.7.48.0 and prior. Root cause is an SQL injection vulnerability that could leak arbitrary information and allow insertion of arbitrary SQL syntax into queries, impacting confidentiality and integrity (CVSS 3.1/4.0 CRITICAL). Remediat...
CVE-2025-34038 Weaver E-cology SQL Injection
A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the...
TencentOS Server 3: postgresql:15 (TSSA-2024:0086)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0086 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-49468
The CVE-2025-49468 entry describes a SQL injection in the No Boss Calendar Joomla extension (versions prior to 5.0.7). The vulnerability allows remote authenticated users to execute arbitrary SQL via the id_module parameter. Impact is reported as high for confidentiality, integrity, and availabil...
CVE-2025-49468 Joomla Extension - nobossextensions.com - SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla
A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter...
CVE-2023-45256
Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php...
CVE-2023-45256
CVE-2023-45256 describes multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module for PrestaShop, affected in versions prior to 1.1.1. The issue allows remote attackers to inject SQL via parameters TPE, societe, MAC, reference, or aliascb through the endpoints transac...
SQL Injection
github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability is due to improper input validation of the role parameter in the /api/artist API endpoint, allowing attackers to inject arbitrary SQL queries...
CVE-2024-57459
A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands...
CVE-2024-47223
A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...
CVE-2024-42785
A SQL injection vulnerability in /music/index.php?page=viewplaylist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter...
CVE-2024-42784
A SQL injection vulnerability in "/music/controller.php?page=viewmusic" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter...
CVE-2024-28297
SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2024-28322
SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the eventid parameter in a crafted POST request...
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...
CVE-2024-30990
SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter...
CVE-2024-30985
SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters...