| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php. |
| Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view. |
| Library Management System 1.0 has SQL Injection via the "Search for Books" screen. |
| School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. |
| An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) |
| SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection. |
| SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection. |
| Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757. |
| Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758. |
| K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter. |
| PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php. |
| PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter. |
