A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list.
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php.
qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "username" parameter in admin/check_avalability.php.
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in t
LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php.
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to s
SQL Injection vulnerability in remote-sessions in Devolutions Server.This issue affects Devolutions Server 2025.3.1 through 2025.3.12
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5
SQL Injection vulnerability in the Structure for Admin authenticated user
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebS
SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors.
A SQL injection in Articles Calendar extension 1.0.0 - 1.0.1.0007 for Joomla allows attackers to execute arbitrary SQL commands.
Page 1+ Next →