16790 matches found
CVE-2020-12104
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation...
CVE-2020-23978
SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter " offerta.php"...
CVE-2020-23966
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request...
CVE-2020-10617
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS versions prior to 3.0.2 to gain access to sensitive information...
CVE-2020-10817
The custom-searchable-data-entry-system aka Custom Searchable Data Entry System plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued...
CVE-2020-10220
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter...
CVE-2020-10243
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype...
CVE-2020-10230
CentOS-WebPanel.com aka CWP CentOS Web Panel for CentOS 6 and 7 allows SQL Injection via the /cwpSESSIONHASH/admin/loaderajax.php term parameter...
CVE-2020-10106
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database and to bypass the login prompt...
CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database...
CVE-2020-24000
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php...
CVE-2024-34932
A SQL injection vulnerability in /model/updateexam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34989
In the module RSI PDF/HTML catalog evolution prestapdf = 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via PrestaPDFProductListModuleFrontController::queryDb.'...
CVE-2024-34334
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function...
CVE-2024-34936
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...
CVE-2024-34933
A SQL injection vulnerability in /model/updategrade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admissionfee parameter...
CVE-2024-34533
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module aka izidata 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::querycheck, IZITools::queryfetch, or IZITools::queryexecute...
CVE-2024-34928
A SQL injection vulnerability in /model/updatesubjectrouting.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter...
CVE-2024-34931
A SQL injection vulnerability in /model/updatesubject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-41512
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter...