205 matches found
CVE-2024-0253 SQL Injection
ManageEngine ADAudit Plus versions 7270 and below are vulnerable to authenticated SQL injection in home Graph-Data...
Ivanti Addresses Critical Vulnerability in Endpoint Manager
Summary: Ivanti addressed a critical vulnerability, CVE-2023-39336, in its Endpoint Management software, ensuring secure usage for its 40,000 worldwide customers. The flaw, resolved in version 2022 Service Update 5, posed a risk of pre-authenticated SQL injection and possibly Remote Code Injection ...
CVE-2023-44482
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-44482 Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi)
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45127
This CVE entry is rejected/not used and does not represent an active vulnerability.
CVE-2023-45124
CVE-2023-45124 is rejected/not used; not an active vulnerability entry.
CVE-2023-45123
The CVE-2023-45123 entry has technical details in connected documents: Online Examination System v1.0 contains multiple authenticated SQL injection vulnerabilities in the update.php resource, caused by lack of validation of the right parameter which is sent unfiltered to the database. Impact: aut...
CVE-2023-45121
Online Examination System v1.0 is affected by multiple authenticated SQL Injection vulnerabilities. The root cause is unsanitized input in the desc parameter of /update.php?q=addquiz, which is sent unfiltered to the database. Impact is rated High for confidentiality, integrity, and availability (...
CVE-2023-45117
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-45119
CVE-2023-45119 concerns Online Examination System v1.0. The vulnerability is an authenticated SQL Injection in the /update.php?q=quiz endpoint, where the value of the parameter n is not validated and is passed unfiltered to the database. This exposes the system to potentially arbitrary SQL execut...
CVE-2023-45118
CVE-2023-45118 affects Online Examination System v1.0, where the fdid parameter in /update.php is not validated and is sent unfiltered to the database, enabling multiple authenticated SQL injection vulnerabilities (impact described as High, CVSS 3.1). The issue stems from unsanitized input in the...
PT-2023-29420 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the "/update.php?q=addquiz" resource does not validate the characters received, and they are...
PT-2023-29419 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the qid parameter of the "/update.php?q=quiz&step=2" resource does not validate the characters received,...
PT-2023-29417 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the fdid parameter of the "/update.php" resource does not validate the characters received, and they are...
PT-2023-29416 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the eid parameter of the "/update.php?q=rmquiz" resource does not validate the characters received, and...
PT-2023-29418 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the "/update.php?q=quiz" resource does not validate the characters received, and they are sent...
CVE-2023-44480
The CVE-2023-44480 entry concerns Leave Management System Project v1.0 with multiple Authenticated SQL Injection vulnerabilities. The root cause is lack of input validation for the setcasualleave parameter in admin/setleaves.php, with unfiltered data sent to the database. Affected software: Leave...
K000137368: Overview of F5 vulnerabilities (October 26, 2023)
Security Advisory Description: On October 26, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...
CVE-2023-46748
An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software...
CVE-2023-45826 Authenticated SQL Injection in leantime
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...