276 matches found
CVE-2022-4277
A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed t...
CVE-2022-36669
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass...
CVE-2017-20029
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...
PT-2021-17127 · Unknown · Phpgurukul Student Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Record System version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL statements. This is achieved via the cid parameter to the "edit-course.php" endpoint. Recommendations: For PHPGurukul Student...
VulnCheck KEV: CVE-2020-5722
Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...
PT-2019-15902 · Zoho · Zoho Manageengine Applications Manager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Applications Manager versions prior to 13640 Description: The issue allows for a remote authenticated SQL injection attack. This is achieved via the agentid parameter in the Agent servlet, which affects the Agent.java proces...
CVE-2018-8824
modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter...
CVE-2018-7734
Afian FileRun before 2018.02.13 suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users&section=cpanel&page=list request...
Article Directory Script SQL Injection Vulnerability
Article Directory Script is a script for creating article directories in websites. A SQL injection vulnerability exists in Article Directory Script version 3.0. A remote attacker can exploit this vulnerability by sending the 'id' parameter to the author.php or category.php file to inject SQL...
FileRun Remote SQL Injection Vulnerability
FileRun File Manager gives you access to your files anytime, anywhere with self-hosted secure cloud storage, file backups and sharing of photos, videos, documents and more. FileRun suffers from a remote SQL injection vulnerability that originates from the program's failure to validate the metafie...
Lokomedia CMS Remote SQL Injection Vulnerability
Lokomedia CMS is a content management system. Lokomedia CMS suffers from a remote SQL injection vulnerability. An attacker could use this vulnerability to take control of the application, access or modify data, or exploit potential vulnerabilities in the underlying database...
ICZ MATCHA INVOICE SQL Injection Vulnerability
ICZ MATCHA INVOICE is a Web-based billing management software from ICZ Japan. A SQL injection vulnerability exists in ICZ MATCHA INVOICE 2.5.6 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
AlienVault OSSIM Plugin ID SQL Injection Vulnerability
AlienVault OSSIM (Open Source Security Information Management) is a popular open source security management system. AlienVault OSSIM's handling of the NBE Plugin ID has a SQL injection vulnerability that allows remote attackers to exploit it by submitting specially crafted SQL queries to...
CVE-2008-4605
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php...
PT-2005-2863 · Unknown · Livingmailing
Name of the Vulnerable Software and Affected Versions: livingmailing version 1.3 Description: The issue allows remote attackers to execute arbitrary SQL commands via the password in the login.asp file. There is little public information available about the product and its vendor. Recommendations:...
DEBIAN-CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...