182 matches found
Mitel MiCollab SQL Injection Vulnerability
Mitel MiCollab is an enterprise-grade audio, web and video conferencing solution that provides efficient collaboration and communication capabilities. An SQL injection vulnerability exists in Mitel MiCollab, which can be exploited by an attacker to access non-sensitive user configuration...
Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 9.8.1.201 and prior versions, which stems from insufficient filtering of...
PT-2024-30645 · Unknown · Easytest Online Test Platform
Name of the Vulnerable Software and Affected Versions: Easytest Online Test Platform versions 24E01 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the cstr parameter in the download class learning course function. This enables attackers to...
WordPress plugin Music Store security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PHPGurukul Online Fire Reporting System Security Vulnerability
Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from a lack of validation of external input SQL statements in ofrs/admin/index.php. The vulnerability can be exploited by an attacker to...
Complete Web-Based School Management System Security Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the index...
Campcodes Complete Web-Based School Management System Security Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the name...
CVE-2024-33009
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the...
CVE-2024-33009 SQL injection vulnerability in SAP Global Label Management (GLM)
SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the...
crmeb_java Security Vulnerability
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in versions prior to crmebjava v1.3.4, which stems from the presence of a SQL injection vulnerability that allows an attacker to run arbitrary SQL...
PT-2024-22491 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the admin id parameter in "update-admin.php". This can potentially lead to unauthorized access and manipulation of database...
PT-2024-20066 · Gambio · Gambio
Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...
CVE-2023-4675
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
PT-2023-30168
Name of the Vulnerable Software and Affected Versions: Talent Software ECOP versions prior to 32255 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection', which allows Command Line Execution through SQL Injection...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the use of a field in the ITIL form for submitting requests, which allows an attacker to obtain the administrator’s account information.
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment lies in the use of an input field for ITIL entities in the request form. Exploiting this vulnerability could allow a malicious actor to gain access to the administrator’s account by sending a...
The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the improper elimination of special elements used in SQL commands, allows a hacker to gain access to the administrator account.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow a malicious actor to gain control of the administrator’s account remotely...
CVE-2023-45830
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...
PT-2023-24930 · Prestashop +1 · Opartsavecart +1
Name of the Vulnerable Software and Affected Versions: PrestaShop opartsavecart versions through 2.0.7 Description: The issue allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent and...
Nagios XI SQL Injection Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.11.1 and earlier, which originated from a...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...