26 matches found
CVE-2026-3151 itsourcecode College Management System login.php sql injection
A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...
CVE-2019-11399
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the getset.ccp lanHostCfgHostName1.1.1.0.0 parameter...
Code-Projects Patient Record Management System Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from missing validation of externally supplied SQL statements in the itrno parameter of the birthingrecord.php file. An...
Project Worlds Online Doctor Appointment Booking System Injection Vulnerability
Project Worlds Online Doctor Appointment Booking System is an online doctor appointment booking system from Project Worlds, Inc. An injection vulnerability exists in Project Worlds Online Doctor Appointment Booking System version 1.0, which stems from an incorrect operation of the parameter ic th...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which originates from an SQL injection in parameter d. The vulnerability is caused by the presence of an SQL injection in...
PT-2023-28945 · Unknown · Oscommerce
Name of the Vulnerable Software and Affected Versions: Os Commerce (affected versions not specified). Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject JavaScript through the orders products status name long1 parameter. This could potentially lead to...
AC Repair and Services System SQL Injection Vulnerability
AC Repair and Services System is an air conditioning repair and services system by Carlo Montero Personal Developer. AC Repair and Services System version 1.0 suffers from a SQL injection vulnerability that originates in the parameter id of file /classes/Master.php?f=deleteinquiry which can lead ...
Command injection
TOTOLink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg...
CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2022-36594
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function...
CVE-2022-30352
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "authuser" parameter in index.php script...
CVE-2022-28909
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx...
SQL injection
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code...
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection
Exploit Title: Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection Date: 2020-08-23 Exploit Author: @naivenom Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html Software Link:...
CVE-2020-25147
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username0 to the default URI, because of...
SQL injection vulnerability in the i*** parameter of the pr***.php page of the website building system of Suzhou Ernst Network Technology Co.
Suzhou Ernst Network Technology Co., Ltd. is a network company that provides website construction and website optimization rental/sale. A SQL injection vulnerability exists in the i parameter of the pr.php page of the company's website building system; an attacker can use the vulnerability to...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
Micro Focus Novell Access Manager iManager Cross-Site Scripting Vulnerability
Micro Focus Novell Access Manager is a comprehensive Web access management solution from Micro Focus UK. iManager is one of the Web-based applications that can manage and configure eDirectory objects using wireless devices. A cross-site scripting vulnerability exists in Micro Focus Novell Access...
CVE-2017-18024
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1...