13174 matches found
CVE-2021-29350
SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/productadd.php...
CVE-2021-20678
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2021-43420
SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter...
CVE-2021-26762
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php...
CVE-2021-26232
SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php...
CVE-2021-26231
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php...
CVE-2020-29143
A SQL injection vulnerability in interface/reports/nonreported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...
CVE-2020-15887
A SQL injection vulnerability in softwareupdatecontroller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/gettabdata/ endpoint...
CVE-2020-35337
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...
CVE-2020-29437
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsFormprofileUserId parameter to the buzz/loadMoreProfile endpoint...
CVE-2020-21012
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...
CVE-2020-14443
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter...
CVE-2020-12013
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C 10.95.208.31 and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A 9.50.255.02; ICONICS GenBroker6...
CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...
CVE-2020-10582
A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...
CVE-2020-2240
A cross-site request forgery CSRF vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...
CVE-2020-21662
SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...
CVE-2020-35378
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields...
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunizationreport.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...
CVE-2020-24769
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter...