13181 matches found
CVE-2024-33404
A SQL injection vulnerability in /model/addstudentfirstpayment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter...
CVE-2024-33408
A SQL injection vulnerability in /model/getclassroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33409
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-33411
A SQL injection vulnerability in /model/getadminprofile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the myindex parameter...
CVE-2024-33410
SQL injection vulnerability in /model/deleterangegrade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33406
SQL injection vulnerability in /model/deletestudentgradesubject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter...
CVE-2024-42782
A SQL injection vulnerability in "/music/ajax.php?action=findmusic" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter...
CVE-2024-42786
A SQL injection vulnerability in "/music/viewuser.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page...
CVE-2024-42781
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter...
CVE-2024-45265
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter...
CVE-2024-37870
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter...
CVE-2024-37873
SQL injection vulnerability in viewpayslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2024-53438
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL command...
CVE-2024-54811
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter...
CVE-2024-50989
A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter...
CVE-2024-44349
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB...
CVE-2024-33276
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes method...
CVE-2024-33268
SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method...
CVE-2023-26453
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be...
CVE-2023-37372
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database...