CVE-2024-37858

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/managecategory.php...

CVE-2024-7289

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /managepayment.php. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVE-2024-5235

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teachersalaryinvoice.php. The manipulation of the argument teacherid leads to sql injection. It is possible to launch the attack...

CVE-2024-10423

A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/projectselection/projectselection.php of the component Project Selection Page. The manipulation of the argument projectid lead...

CVE-2024-10447

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack...

CVE-2024-9011

A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

CVE-2024-9090

A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file searchmember.php. The manipulation of the argument searchMember leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2024-10656

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. This issue affects some unknown processing of the file /pda/meeting/apply.php. The manipulation of the argument mrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed ...

CVE-2024-48177

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do...

CVE-2023-0758

A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

CVE-2023-0771

SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop...

CVE-2023-26440

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...

CVE-2023-35071

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915...

CVE-2023-25684

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597...

CVE-2023-34976

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 2023/07/27 and later...

CVE-2023-30016

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via subeventid parameter in subeventdetailsedit.php...

CVE-2023-38382

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4...

CVE-2023-26093

Liima before 1.17.28 allows Hibernate query language HQL injection, related to colToSort in the deployment filter...

CVE-2023-24199

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at deleteticket.php...

CVE-2023-23758

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability allows SQL Injection...