Sql injection

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-48722

CVE-2023-48722 affects the “Student Result Management System v1.0.” The vulnerability is described as multiple unauthenticated SQL injection flaws in the add_results.php resource, caused by failure to validate the characters in the class_name parameter, which is sent unfiltered to the database. D...

CVE-2023-48718

The CVE-2023-48718 entry affects Student Result Management System v1.0, with unauthenticated SQL Injection via the add_students.php resource where the class_name parameter is not validated before sending to the database. Root cause: unsanitized user input reaching SQL queries. Impact: high (per C...

CVE-2023-48689 Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-48685

CVE-2023-48685 affects Railway Reservation System v1.0. The vulnerability is an unauthenticated SQL Injection in the login.php resource, triggered by the unvalidated psd parameter sent to the database. The issue is confirmed across multiple sources (NVD/NVD-Centric records and third-party advisor...

PT-2023-30921 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The class name parameter of the "add students.php" resource does not validate the characters received, and th...

PT-2023-30924 · Unknown · Student Result Management System

Name of the Vulnerable Software and Affected Versions: Student Result Management System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The password parameter of the "login.php" resource does not validate the characters received, and they are se...

PT-2023-31290 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the cmbQual parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they...

CVE-2023-48433 Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginaction.php resource does not validate the characters received and they are sent unfiltered to the database...

VulnCheck KEV: CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...

PT-2023-7555 · WordPress · Wordpress Calendar Plugin

Name of the Vulnerable Software and Affected Versions: My Calendar WordPress Plugin version 3.4.22 Description: The issue is related to an unauthenticated SQL injection vulnerability. This vulnerability is present in the from and to parameters in the "/my-calendar/v1/events" rest route. It allows...

VulnCheck KEV: CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

CVE-2023-5652

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admininit, allowing unauthenticated users to perform SQL injections...

VulnCheck KEV: CVE-2020-10548

rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices...

Exploit for SQL Injection in Wpfastestcache Wp_Fastest_Cache

CVE-2023-6063 PoC Reference - Unauthenticated SQL Inject...

CVE-2023-46800

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46793

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46793

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...

Sql injection

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-46800 Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the viewprofile.php resource does not validate the characters received and they are sent unfiltered to the database...