| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. |
| An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php |
| WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. |
| An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php. |
| Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege. |
| NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. |
| An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. |
| The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. |
| The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. |
| In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. |
| A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. |
| Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. |
| PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. |
| SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. |
| Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. |
| The id paramater in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases. |
| In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. |
