#sql

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection.This issue affects Movus: before 20230913.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection.This issue affects Company Management: before 3072 .

Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module.

Ubuntu Security Notice 6366-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser.

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

PHP Shopping Cart version 4.2 suffers from a remote SQL injection vulnerability.

Fundraising Script version 1.0 suffers from a remote SQL injection vulnerability.