CWE-89

MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter.

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.

A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-206398 is the identifier assigned to this vulnerability.

In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands.

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component admindeduction_edit.php.