Tag
#sql
Online Lab Diagnostic Management version 1.0 suffers from a remote SQL injection vulnerability.
CoolAdmin version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
City Variety LMS version 2.2 suffers from a cross-site scripting vulnerability.
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.
BMC Control-M Software v9.0.20.200 was discovered to contain a SQL injection vulnerability via the report-id parameter at /report/deleteReport.
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to remote code execution due to the rudder role in PostgreSQL having superuser permissions by default.
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
Joomla iProperty Real Estate extension version 4.1.1 suffers from a cross-site scripting vulnerability.
CMVC SHOP LMS version 2.1.0 suffers from a remote SQL injection vulnerability.