Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.
CWE-89
CVE-2021-46024
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the “id” parameter in cart_add.php, No login is required.
CVE-2021-46061
An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ node app.
CVE-2021-45814
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
CVE-2021-45821
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the “orders” parameter.
