The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--
CWE-89
CVE-2022-23169
An attacker needs to craft a SQL payload. The vulnerable parameter is “agentid”. The attacker must be authenticated to the admin panel.
CVE-2022-23046
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL statements in the “subnet” parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
CVE-2022-2298
A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pms/index.php of the component Login Page. The manipulation of the argument user_name with the input admin' or '1'='1 leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-22880
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId.
CVE-2022-22881
Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData.