The Joomla Component Soccer Bet 4.1.5 is vulnerable to SQL Injection. The 'cat' parameter is vulnerable to SQL Injection when passed via the URL. An attacker can inject malicious SQL queries to gain access to sensitive information from the database.
Vik Booking 1.7 is vulnerable to SQL Injection. The room_ids[0] parameter is vulnerable to SQL Injection when passed as a GET parameter in the URL. This can be exploited to gain access to the underlying database and potentially execute arbitrary code.
The wallid parameter of the Joomla Component Sponsor Wall 7.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the wallid parameter of the application. This can allow the attacker to gain access to sensitive information stored in the database.
The tag parameter of the Joomla Component onisMusic 2 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the tag parameter of the application. This can allow the attacker to access sensitive information from the database.
The tag parameter of the Joomla Component onisQuotes 2.5 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries into the parameter and gain access to the database.
The tag parameter of the Joomla Component onisPetitions 2.5 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter.
The application suffers from an unquoted search path issue impacting the service 'bacstac' (bacstac-gtw.exe) for Windows, deployed as part of the BACstac routing service solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path, undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
Log in as a regular user and inject malicious SQL code in the URL parameters 'list.php?entries=' and 'edit.php?entries='.
Log in as a student user and inject malicious SQL code in the URL parameter 'uisd' of the following URLs: http://localhost/[PATH]/index.php/sclass/ownClassRoutin?uisd=[SQL] and http://localhost/[PATH]/index.php/suggestion/own_suggestion?uisd=[SQL]
An attacker can exploit a SQL injection vulnerability in the Viavi Product Review application to execute arbitrary SQL commands on the underlying database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'category.php' script.