220 matches found

CVE
added 2024/10/28 2:53 a.m. | 52 views

CVE-2024-10440

Affected product: Sunnet eHDR CTMS. Vulnerability: SQL Injection allowing unauthenticated remote attackers to inject arbitrary SQL to read, modify, and delete database contents. Impact: High on confidentiality, integrity, and availability (CVSS v3.1 base score 9.8). References: TWCERT entries. Ex...

CVSS 9.8 | AI score 10 | EPSS 0.00564
Exploits 0 | References 2 | Affected Software 1

CVE
added 2024/10/15 7:52 a.m. | 41 views

CVE-2024-9980

CVE-2024-9980 affects FormosaSoft ee-class. The vulnerability is an SQL injection caused by insufficient validation of a specific page parameter, enabling remote attackers with regular privileges to read, modify, and delete database contents. Documents consistently identify the affected software ...

CVSS 8.8 | AI score 9 | EPSS 0.01652
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2024/10/15 7:52 a.m. | 16 views

CVE-2024-9980 FormosaSoft ee-class - SQL Injection

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents...

CVSS 8.8 | EPSS 0.01652
Exploits 0 | References 2

NVD
added 2024/10/15 7:15 a.m. | 9 views

CVE-2024-9972

Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 | EPSS 0.00759
Exploits 0 | References 4

CVE
added 2024/10/15 6:32 a.m. | 50 views

CVE-2024-9972

The CVE entry CVE-2024-9972 concerns the ChanGate Property Management System, which has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. The related documents identify the affected product and t...

CVSS 9.8 | AI score 10 | EPSS 0.00759
Exploits 0 | References 4

CVE
added 2024/10/15 3:39 a.m. | 47 views

CVE-2024-9971

The CVE-2024-9971 issue affects NewType’s FlowMaster BPM Plus. A flaw in the product’s specific query function fails to properly restrict user input, allowing SQL injection. This enables remote attackers with regular privileges to read, modify, or delete database contents. Documents cite a high-s...

CVSS 8.8 | AI score 9 | EPSS 0.01945
Exploits 0 | References 2 | Affected Software 1

CVE
added 2024/10/14 2:48 a.m. | 54 views

CVE-2024-9921

The CVE-2024-9921 entry corresponds to an SQL injection in Team+ from TEAMPLUS TECHNOLOGY caused by improper validation of a specific page parameter. Affected software/function: Team+ (TEAMPLUS TECHNOLOGY). Root cause: failure to validate the page parameter allows unauthenticated remote attackers...

CVSS 9.8 | AI score 10 | EPSS 0.01056
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2024/10/14 12:00 a.m. | 1 view

PT-2024-39970 · Changate · Cge Property Management System

Name of the Vulnerable Software and Affected Versions: Property Management System from ChanGate (affected versions not specified). Description: The Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands t...

CVSS 9.8 | AI score 8.4 | EPSS 0.00759
Exploits 0 | References 12

NVD
added 2024/10/09 5:15 p.m. | 27 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

CVSS 9.2 | EPSS 0.94286
Exploits 3 | References 3

Cvelist
added 2024/10/09 5:04 p.m. | 31 views

CVE-2024-9465 Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

CVSS 9.2 | EPSS 0.94286
Exploits 3 | References 2

Positive Technologies
added 2024/10/09 12:00 a.m. | 4 views

PT-2024-6717

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Expedition (affected versions not specified). Description: The issue is related to an SQL injection vulnerability in Palo Alto Networks Expedition. This vulnerability allows an unauthenticated attacker to reveal Expedition...

CVSS 9.2 | AI score 10 | EPSS 0.94286
Exploits 3 | References 95

ATTACKERKB
added 2024/10/09 12:00 a.m. | 23 views

CVE-2024-9465

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

CVSS 9.2 | AI score 8.1 | EPSS 0.94286
In wild | Exploits 3 | References 3

Vulnrichment
added 2024/08/30 2:24 a.m. | 19 views

CVE-2024-8329 Gether Technology 6SHR System - SQL Injection

6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents...

CVSS 8.8 | AI score 7.8 | EPSS 0.02589
Exploits 0 | References 2

Cvelist
added 2024/08/30 2:24 a.m. | 13 views

CVE-2024-8329 Gether Technology 6SHR System - SQL Injection

6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents...

CVSS 8.8 | EPSS 0.02589
Exploits 0 | References 2

NVD
added 2024/08/14 7:15 a.m. | 10 views

CVE-2024-7732

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS 9.8 | EPSS 0.01326
Exploits 0 | References 2

OSV
added 2024/08/14 7:15 a.m. | 1 view

CVE-2024-7731

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS 9.8 | AI score 5.9
Exploits 0 | References 2

Cvelist
added 2024/08/14 6:55 a.m. | 14 views

CVE-2024-7732 SECOM Dr.ID Attendance system - Unrestricted File Upload

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS 9.8 | EPSS 0.01326
Exploits 0 | References 2

Cvelist
added 2024/08/14 6:30 a.m. | 20 views

CVE-2024-7731 SECOM Dr.ID Access control system - SQL injection

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS 9.8 | EPSS 0.01326
Exploits 0 | References 2

Cvelist
added 2024/07/29 3:11 a.m. | 22 views

CVE-2024-7202 Simopro Technology WinMatrix3 Web package - SQL Injection

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS 9.8 | EPSS 0.00789
Exploits 0 | References 2

Vulnrichment
added 2024/07/15 6:07 a.m. | 14 views

CVE-2024-6743 AguardNet Space Management System - SQL injection

AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 | AI score 8.3 | EPSS 0.01056
Exploits 0 | References 2