Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicio
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/member_update.php. The m
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST r
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to ins
Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST req
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrati
A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Us
A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' paramet
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhec
A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username
An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to pro
Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.
A weakness has been identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /login.php. This manipulation of the argument Username causes
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 3.0.5.
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php.