CWE-89

HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.

HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.

HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.

Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid().

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.