A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyer_booking.php. The
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST paramete
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. This vulnerability affects the function ForeProductListController of the file /mall/product/0/20. The manipula
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.
Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php.
Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.
SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed to lbi
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.
Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.