27 matches found
CVE-2021-27319
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...
CVE-2024-57328
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access...
SQL Injection
funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to improper input handling in the /curd/table/fieldlist endpoint, allowing attackers to inject malicious SQL queries...
CVE-2024-36673
CVE-2024-36673 affects Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0. The vulnerability is an SQL Injection in login.php caused by inadequate validation of the email and password inputs, enabling injection of malicious SQL queries. Documented impact is high for confidentiality, i...
SQL Injection
trytond is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in modelsql.py, allowing an authenticated attacker to inject and execute malicious SQL queries into the system when reading fields without an SQL type...
SQL Injection
jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in the building block report component, allowing an authenticated attacker to inject and execute malicious SQL queries, leading to Sensitive Information Disclosure...
Sql injection
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...
SQL Injection
jeecg-boot-base-core is vulnerable to sql injection. The vulnerability exists because the filterContent function of SqlInjectionUtil.java does not properly replace the value parameter, allowing an attacker to inject and execute malicious SQL queries...
CVE-2021-27828
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...
In4Suit ERP 3.2.74.1370 - (txtLoginId) SQL injection Vulnerability
Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows ----------------------------------------- SQL injection in In4Suite ERP 3.2.74.1370...
In4Suit ERP 3.2.74.1370 SQL Injection
Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Date: 18/05/2021 Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows ----------------------------------------- SQL injection in In4Suite...
In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Date: 18/05/2021 Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows CVE: CVE-2021-27828 ----------------------------------------- SQL...
Doctor Appointment System SQL Injection Vulnerability (CNVD-2021-22960)
Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL blind injection vulnerability exists in contactus.php in Doctor Appointment System 1.0. An attacker can exploit this vulnerability to insert malicious SQL queries via the firstname parameter...
Sql injection
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter...
Sql injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...
CVE-2021-27319
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...
CVE-2021-27316
Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter...
CVE-2021-27315
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter...
CVE-2021-27314
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
Sql injection
SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...