CVE-2025-23220 WeGIA SQL Injection in endpoint 'adicionar_raca.php', parameter 'raca'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...
CVE-2024-34472
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an...
CVE-2024-3025 Path Traversal in mintplex-labs/anything-llm
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
PT-2024-21071 · Avsystem · Avsystem Unified Management Platform
Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: The issue concerns the insecure storage of LDAP passwords in the authentication functionality. This allows members with read access to the application database to...
Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetNewUserId method. The issue results from the lack of proper...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...
SonicWALL Analytics and GMS SQL Injection Vulnerability
SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web. SonicWALL GMS is a global management system, a powerful and intuitive solution for organizations, distributed enterprises an...
GHSA-7MMC-22G7-3XQ2 Moodle SQL Injection vulnerability
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...
CVE-2023-30944
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...
SQL injection
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...
The vulnerability of the Javautils sub-component of Oracle Application DBA systems, which is used in Oracle E-Business Suite, allows attackers to modify, add, or delete protected data.
The vulnerability of the Javautils sub-component of Oracle Application DBA systems, which is part of the Oracle E-Business Suite, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete protected data...
Sewio Real-Time Location System (RTLS) Studio Trust Management Vulnerability
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. A security vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which originates from hard-coded passwords for selected users in the application database...
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel SQL Injection Vulnerability
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel is a user registration and login system with an administrative panel from EGavilan Media. EGavilan Media User-Registration-and-Login-System-With-Admin-Panel version 1.0 contains a SQL injection vulnerability, which stems from...
CVE-2021-44096
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profileaction - updateuser. This allows a remote attacker to compromise Application SQL database...
Fortinet FortiNAC SQL Injection Vulnerability
Fortinet FortiNAC is a network access control solution from Fortinet, Inc. Fortinet FortiNAC versions 8.3.7 through 9.2.2 are vulnerable to SQL injection, a vulnerability that originates when user-provided data is not sufficiently sanitized and can be exploited to send ad-hoc requests to affected...
TYPO3 Seminar Manager SQL Injection Vulnerability
TYPO3 is a content management system framework (CMS/CMF) from the Swiss TYPO3 Association. TYPO3 Seminar Manager 4.1.3 and earlier versions are vulnerable to SQL injection, which stems from inadequate sanitization of user-supplied data. A remote attacker could use this vulnerability to send a specially...
CVE-2022-27927
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable coursecode and/or customernumber parameter...