
302 matches found

Vulnrichment
added 2023/12/21 11:21 p.m. · 14 views

CVE-2023-49688 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 8.2 AI score · 0.0015 EPSS
Exploits 1 · References 2

CVE
added 2023/12/21 11:19 p.m. · 53 views

CVE-2023-49686

CVE-2023-49686 is withdrawn per the initial description, but connected sources describe a separate issue affecting Job Portal 1.0. The vulnerability is an Unauthenticated SQL Injection in the Job Portal’s Employer/InsertWalkin.php where the txtTotal parameter is sent unfiltered to the database. T...

6.9 AI score
Exploits 0

CVE
added 2023/12/21 11:06 p.m. · 39 views

CVE-2023-49681

CVE-2023-49681 affects Job Portal v1.0, with multiple unauthenticated SQL Injection vulnerabilities in the parameter cmbQual of the resource Employer/InsertWalkin.php. The input is not validated and is sent unfiltered to the database, enabling potential data exposure or modification. According t...

9.8 CVSS · 10 AI score · 0.0015 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/12/21 11:06 p.m. · 15 views

CVE-2023-49681 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 8.2 AI score · 0.0015 EPSS
Exploits 1 · References 2

CVE
added 2023/12/21 10:59 p.m. · 46 views

CVE-2023-49678

CVE-2023-49678 is linked to a disclosed issue described in PT-2023-31286: Job Portal version 1.0 contains an unauthenticated SQL Injection vulnerability. The vulnerable component is the Employer/InsertJob.php resource, where the txtDesc parameter is not validated and its data is sent unfiltered t...

6.9 AI score
Exploits 0

Cvelist
added 2023/12/21 10:57 p.m. · 12 views

CVE-2023-49677 Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 10 AI score · 0.00145 EPSS
Exploits 1 · References 2

CVE
added 2023/12/21 10:57 p.m. · 59 views

CVE-2023-49677

CVE-2023-49677 affects Job Portal v1.0. The vulnerability is multiple unauthenticated SQL injection in the Employer/InsertJob.php resource, caused by lack of validation/filtering of the cmbQual parameter, which is sent unfiltered to the database. Impact is high (per CVSS 3.1: Critical, with Confi...

9.8 CVSS · 10 AI score · 0.00145 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2023/12/21 9:15 p.m. · 4 views

CVE-2023-48722

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'classname' parameter of the addresults.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2023/12/21 9:15 p.m. · 1 views

CVE-2023-48689

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 5.8 AI score · 0.00153 EPSS
Exploits 1 · References 2

Prion
added 2023/12/21 9:15 p.m. · 14 views

SQL injection

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...

7.5 CVSS · 8.5 AI score · 0.00153 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/12/21 9:06 p.m. · 37 views

CVE-2023-48722

CVE-2023-48722 affects the “Student Result Management System v1.0.” The vulnerability is described as multiple unauthenticated SQL injection flaws in the add_results.php resource, caused by failure to validate the characters in the class_name parameter, which is sent unfiltered to the database. D...

9.8 CVSS · 10 AI score · 0.00153 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/12/21 8:57 p.m. · 26 views

CVE-2023-48718

The CVE-2023-48718 entry affects Student Result Management System v1.0, with unauthenticated SQL Injection via the add_students.php resource where the class_name parameter is not validated before sending to the database. Root cause: unsanitized user input reaching SQL queries. Impact: high (per C...

9.8 CVSS · 10 AI score · 0.00158 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2023/12/21 8:46 p.m. · 11 views

CVE-2023-48689 Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 10 AI score · 0.00153 EPSS
Exploits 1 · References 2

CVE
added 2023/12/21 8:11 p.m. · 33 views

CVE-2023-48685

CVE-2023-48685 affects Railway Reservation System v1.0. The vulnerability is an unauthenticated SQL Injection in the login.php resource, triggered by the unvalidated psd parameter sent to the database. The issue is confirmed across multiple sources (NVD/NVD-Centric records and third-party advisor...

9.8 CVSS · 10 AI score · 0.00153 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/12/21 12:00 a.m. · 2 views

PT-2023-30921 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The class name parameter of the "add students.php" resource does not validate the characters received, and th...

9.8 CVSS · 10 AI score · 0.00158 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/12/21 12:00 a.m. · 2 views

PT-2023-31290 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the cmbQual parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they...

9.8 CVSS · 9.6 AI score · 0.0015 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/12/21 12:00 a.m. · 3 views

PT-2023-30924 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The password parameter of the "login.php" resource does not validate the characters received, and they are se...

9.8 CVSS · 9.6 AI score · 0.00153 EPSS
Exploits 1 · References 4

Cvelist
added 2023/12/20 8:28 p.m. · 12 views

CVE-2023-48433 Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginaction.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 10 AI score · 0.0007 EPSS
Exploits 0 · References 2

VulnCheck KEV
added 2023/12/20 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...

9.8 CVSS · 7.3 AI score · 0.86134 EPSS
Exploits 3 · References 1

Positive Technologies
added 2023/11/30 12:00 a.m. · 5 views

PT-2023-7555 · WordPress · Wordpress Calendar Plugin

Name of the Vulnerable Software and Affected Versions: My Calendar WordPress Plugin version 3.4.22 Description: The issue is related to an unauthenticated SQL injection vulnerability. This vulnerability is present in the from and to parameters in the "/my-calendar/v1/events" rest route. It allows...

10 CVSS · 9.7 AI score · 0.88061 EPSS
Exploits 1 · References 9