| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode. |
| The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. |
| A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. |
| The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. |
| SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page. |
| webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. |
| A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. |
| An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI. |
| A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server. |
| dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. |
| dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. |
| dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. |
| SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information. |
| An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. . |
| A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter. |
| A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter. |
| A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter. |
| An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php. |
| An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. |
| PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database. |
