CVE-2022-33060

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deleteschedule...

UBUNTU-CVE-2021-41689

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack...

CVE-2022-32405

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/viewprison.php:4...

CVE-2022-32401

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageprivilege.php:4...

74cms SQL注入漏洞

74cms is an online recruitment system based on PHP and MySQL by China Xunyi Technology Company. A SQL injection vulnerability exists in 74cmsSE v3.5.1, which originates from the lack of validation of externally entered SQL statements in the keyword parameter of /home/campus/campusjob. An attacker...

74cms SQL注入漏洞

74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from the lack of validation of external input SQL statements in the /freelance/resumelist keyword parameter. An attacker could use this vulnerability to execute...

CVE-2022-31296

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/viewpost.php...

ZZCMS SQL注入漏洞

ZZCMS is a content management system CMS by the ZZCMS team in China. A security vulnerability exists in ZZCMS 2019 version, which can be exploited by an attacker to perform a SQL injection attack via the id parameter in /admin/dlsendmail.php...

YouDianCMS SQL注入漏洞

YouDianCMS is a website CMS. YoudianCMS version v9.5.0 suffers from a SQL injection vulnerability, which originates from the id parameter at /App/Lib/Action/Admin/SiteAction.class.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...

PEEL Shopping CMS SQL注入漏洞

PEEL Shopping CMS is a shopping platform. A SQL injection vulnerability exists in PEEL Shopping CMS version 9.4.0, which stems from a lack of filtering of SQL data in utilisateurs.php. An attacker belonging to the Administrators group can inject malicious SQL queries to affect the application's...

Patient Records Management System SQL注入漏洞

Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. Management System is vulnerable to a SQL injection vulnerability that originates in /hprms/admin/rooms/viewroom.php?id=...

CVE-2022-0786

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users...

Sql injection

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

phplist SQL注入漏洞

phplist is a suite of open source newsletter and email marketing software from the UK-based phplist. Version 3.2.6 of phplist contains a security vulnerability that can be exploited by attackers to conduct SQL injection attacks...

CVE-2022-1687

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection...

CVE-2022-32008

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=...

CVE-2022-29659

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...

Online Ordering System SQL注入漏洞

Online Ordering System is a multi-store ordering system that can be used by any small business. version 1.0 of Online Ordering System is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements on the admin/vieworders.php page, which...

Rescue Dispatch Management System SQL注入漏洞

Rescue Dispatch Management System is a rescue dispatch management system from Carlo Montero's personal developer. rescue dispatch management system v1.0 is vulnerable to SQL injection, which originates from /rdms/classes/ Master.php?f=deletereport page lacks validation of externally entered SQL...

CVE-2022-29688

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...