
238 matches found

Positive Technologies
added 2022/04/19 12:0 a.m. · 4 views

PT-2022-18694 · Unknown · Mysql Server +1

Name of the Vulnerable Software and Affected Versions: Microfinance Management System version 1.0 Description: A SQL injection issue exists when MySQL is used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course code and/or customer...

CVSS 9.8 · AI score 9.7 · EPSS 0.72398
Exploits 4 · References 7

OSV
added 2022/03/21 7:15 p.m. · 2 views

CVE-2022-0627

The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.4 · EPSS 0.0021
Exploits 2 · References 1

ATTACKERKB
added 2022/03/02 11:15 p.m. · 2 views

CVE-2022-26169

Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the refcode parameter...

CVSS 9.8 · AI score 6 · EPSS 0.00301
Exploits 1 · References 2

OSV
added 2022/02/17 12:0 a.m. · 18 views

GHSA-VH2R-X97C-2VPR SQL Injection in Jeecg-boot

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId...

CVSS 9.8 · AI score 9.8 · EPSS 0.01031
Exploits 1 · References 2

NVD
added 2022/02/16 10:15 p.m. · 10 views

CVE-2022-22881

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData...

CVSS 9.8 · EPSS 0.01031
Exploits 1 · References 1

ATTACKERKB
added 2022/02/16 10:15 p.m. · 3 views

CVE-2022-22881

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData...

CVSS 9.8 · AI score 7.4 · EPSS 0.01031
Exploits 1 · References 2

NVD
added 2022/02/16 10:15 p.m. · 11 views

CVE-2022-22880

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId...

CVSS 9.8 · EPSS 0.01031
Exploits 1 · References 1

Prion
added 2022/02/16 10:15 p.m. · 12 views

SQL injection

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId...

CVSS 7.5 · AI score 9.8 · EPSS 0.01031
Exploits 1 · References 1 · Affected Software 1

CVE
added 2022/02/16 9:42 p.m. · 118 views

CVE-2022-22880

Jeecg-boot v3.0 is affected by an SQL injection in the code path /jeecg-boot/sys/user/queryUserByDepId, exploitable via the code parameter (also cited via queryUserByDepId with id/realname in some reports). The vulnerability stems from improper handling of user-supplied input in that function, en...

CVSS 9.8 · AI score 9.7 · EPSS 0.01031
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2022/02/16 9:42 p.m. · 12 views

CVE-2022-22881

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /sys/user/queryUserComponentData...

AI score 10 · EPSS 0.01031
Exploits 1 · References 1

Cvelist
added 2022/02/16 9:42 p.m. · 14 views

CVE-2022-22880

Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerability via the code parameter in /jeecg-boot/sys/user/queryUserByDepId...

AI score 10 · EPSS 0.01031
Exploits 1 · References 1

CNNVD
added 2022/02/16 12:0 a.m. · 1 views

Jeecg-Boot SQL Injection Vulnerability

Jeecg-Boot is a low-code platform based on the code generator from the JeecgBoot community. Jeecg-boot is vulnerable to SQL injection, which stems from a code parameter in /sys/user/queryUserComponentData that was found to be vulnerable to SQL injection. No detailed vulnerability details are...

CVSS 9.8 · AI score 5.9 · EPSS 0.01031
Exploits 1 · References 2

OSV
added 2022/01/20 8:15 p.m. · 1 views

CVE-2021-46061

An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system RSMS 1.0 via the code parameter in /rsms/ node app...

CVSS 9.8 · AI score 7.4 · EPSS 0.00272
Exploits 1 · References 1

Packet Storm
added 2022/01/03 12:0 a.m. · 245 views

Computer And Mobile Repair Shop Management 1.0 SQL Injection

Title: Computer and Mobile Repair Shop Management-1.0 SQL - Injections Author: nu11secur1ty Date: 12.28.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15108/computer-and-mobile-repair-shop-management-system-using-phpoop-free-source-code.html...

AI score 0.2
Exploits 0

OSV
added 2021/07/30 2:15 p.m. · 1 views

CVE-2020-19118

Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the sitecode parameter in admin/index/init.html...

CVSS 5.4 · AI score 6.1
Exploits 0 · References 1

OSV
added 2021/04/15 2:15 p.m. · 0 views

CVE-2020-27238

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 9.8 · AI score 7
Exploits 0 · References 1

OSV
added 2021/04/15 2:15 p.m. · 0 views

CVE-2020-27237

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 1

Cvelist
added 2021/04/15 1:38 p.m. · 7 views

CVE-2020-27238

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 6.4 · AI score 9.9 · EPSS 0.0036
Exploits 1 · References 1

Cvelist
added 2021/03/15 4:8 p.m. · 12 views

CVE-2021-27695

Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters...

AI score 6.3 · EPSS 0.00596
Exploits 2 · References 2

OSV
added 2021/02/15 9:15 p.m. · 0 views

CVE-2020-29143

A SQL injection vulnerability in interface/reports/nonreported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...

CVSS 7.2 · AI score 6.1
Exploits 0 · References 4