Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2024-25314 SQL Injection vulnerability in Hotel Management System Project Hotel Management System 1.0
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
network
low complexity
hotel-management-system-project CWE-89
critical
 9.8
9.8
2024-02-09 CVE-2024-25315 SQL Injection vulnerability in Hotel Management System Project Hotel Management System 1.0
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.
network
low complexity
hotel-management-system-project CWE-89
critical
 9.8
9.8
2024-02-09 CVE-2024-25316 SQL Injection vulnerability in Hotel Management System Project Hotel Management System 1.0
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.
network
low complexity
hotel-management-system-project CWE-89
critical
 9.8
9.8
2024-02-09 CVE-2024-25318 SQL Injection vulnerability in Hotel Management System Project Hotel Management System 1.0
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.
network
low complexity
hotel-management-system-project CWE-89
8.8
8.8
2024-02-09 CVE-2024-25304 SQL Injection vulnerability in Code-Projects Simple School Management System 1.0
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."
network
low complexity
code-projects CWE-89
8.8
8.8
2024-02-09 CVE-2024-25305 SQL Injection vulnerability in Code-Projects Simple School Management System 1.0
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.
network
low complexity
code-projects CWE-89
8.8
8.8
2024-02-09 CVE-2024-25306 SQL Injection vulnerability in Code-Projects Simple School Management System 1.0
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".
network
low complexity
code-projects CWE-89
8.8
8.8
2024-02-09 CVE-2024-25308 SQL Injection vulnerability in Code-Projects Simple School Management System 1.0
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.
network
low complexity
code-projects CWE-89
8.8
8.8
2024-02-09 CVE-2024-25309 SQL Injection vulnerability in Code-Projects Simple School Management System 1.0
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.
network
low complexity
code-projects CWE-89
8.8
8.8
2024-02-09 CVE-2024-25312 SQL Injection vulnerability in Code-Projects Simple School Management System 1.0
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."
network
low complexity
code-projects CWE-89
8.8
8.8