CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information. |
A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a Place LJCMS v 1.3 allows attackers to access sensitive database information via a crafted POST request. |
SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4.3 via the (1) listid parameter in detail.php and the (2) group_price or groupid parameters in search_result.php. |
SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the topicsid parameter in modules/news/admin/addtotopics.php. |
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php.. |
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter. |
OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter. |
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. |
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. |
SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. |
SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB mall system V2.60 and V3.1 via the tablename parameter in SystemDatabackup.php. |
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. |
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. |
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. |
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page. |