#sql

Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.

An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php

theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a remote SQL injection vulnerability.

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a cross site scripting vulnerability.

HighPlus CMS version 0.1.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hospital HMS version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hospital HMS version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hasan MWB version 1 suffers from a cross site scripting vulnerability.