CVE-2023-48372

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

Input validation

Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible...

CVE-2023-26572

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVE-2023-2306

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records...

Qognify NiceVision

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Qognify Equipment : NiceVision Vulnerability : Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive...

Qognify NiceVision Trust Management Issue Vulnerability

Qognify NiceVision is a comprehensive, open platform IP video surveillance solution from Qognify. providing surveillance coverage and control for security-conscious environments. Qognify NiceVision 3.1 and prior versions suffer from a trust management issue vulnerability that stems from the use o...

CVE-2023-40046

In WSFTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WSFTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements...

PT-2023-5410 · Ipswitch · Moveit Transfer

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions prior to 2021.1.8 13.1.8 MOVEit Transfer versions prior to 2022.0.8 14.0.8 MOVEit Transfer versions prior to 2022.1.9 14.1.9 MOVEit Transfer versions prior to 2023.0.6 15.0.6 Description: A SQL injection vulnerability...

ROS-20230911-07

A vulnerability in the Moodle virtual learning environment is related to insufficient validation of user input data. data, an attacker could send a specially crafted HTTP request and make the application initiate requests to arbitrary systems. Exploitation of the vulnerability could allow an...

Clcknshop 1.0.0 SQL Injection

Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact...

CVE-2023-20211

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

WordPress adivaha Travel Plugin 2.3 - SQL Injection

Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...

CVE-2023-36934

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...

Sql injection

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain...

CVE-2023-32754

Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...

PT-2023-24002 · Thinking · Thinking Software Efence

Name of the Vulnerable Software and Affected Versions: Thinking Software Efence affected versions not specified Description: The issue is related to insufficient validation for user input in the login function, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This can...

CVE-2023-35036

MOVEit Transfer is affected by a SQL injection vulnerability in its web application. Connected sources confirm an unauthenticated attacker could modify and disclose MOVEit’s database content due to how SQL queries are constructed. Affected versions include pre-2021.0.7 (13.0.7), 2021.1.5 (13.1.5)...

CVE-2023-29724

CVE-2023-29724 affects the BT21 x BTS Wallpaper app (Android) v12. The vulnerability allows unauthorized apps to request permission to modify the database that stores a user’s personal preference data, which is loaded into memory when the app opens. An attacker could tamper with this data to achi...

CVE-2023-29722

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker cou...

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...