13184 matches found
CVE-2024-33402
A SQL injection vulnerability in /model/approvepettycash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33808
A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33804
A SQL injection vulnerability in /model/getsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33802
A SQL injection vulnerability in /model/getstudentsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...
CVE-2024-33801
A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33801
A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33799
A SQL injection vulnerability in /model/getteacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
SQL Injection
mocodo is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution RCE under certain conditions...
SQL Injection
PyMySQL is vulnerable to SQL Injection. The vulnerability is due to improper JSON sanitization within the escapedict function, which allows an attacker execute arbitrary SQL if an application handles untrusted JSON user input...
CVE-2024-34929
A SQL injection vulnerability in /view/findfriends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the myindex parameter...
CVE-2024-34936
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34934
A SQL injection vulnerability in /view/emarksrangegradeupdateform.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34934
A SQL injection vulnerability in /view/emarksrangegradeupdateform.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34932
A SQL injection vulnerability in /model/updateexam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34932
A SQL injection vulnerability in /model/updateexam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34931
A SQL injection vulnerability in /model/updatesubject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34930
A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter...
CVE-2024-34929
A SQL injection vulnerability in /view/findfriends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the myindex parameter...