#sql

theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a remote SQL injection vulnerability.

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a cross site scripting vulnerability.

HighPlus CMS version 0.1.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hospital HMS version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hospital HMS version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.

User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.