
723 matches found

Positive Technologies
added 2023/10/03 12:0 a.m. · 8 views

PT-2023-27750 · Qsige · Qsige

Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The QSige statistics are affected by a remote SQL injection vulnerability. The web application does not correctly filter input parameters, allowing SQL injections, Denial of Service (DoS), or...

CVSS 8.8 · AI score 8.8 · EPSS 0.00493
Exploits: 0 · References: 4

CNNVD
added 2023/09/29 12:0 a.m. · 3 views

DedeBIZ SQL Injection Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A SQL injection vulnerability exists in DedeBIZ version 6.2, which stems from the fact that incorrect manipulation of the parameter ids can lead to SQL injection...

CVSS 8.8 · AI score 8.3 · EPSS 0.0054
Exploits: 1 · References: 5

OSV
added 2023/09/27 8:15 p.m. · 5 views

CVE-2023-44047

Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection...

CVSS 7.2 · AI score 5.8 · EPSS 0.00655
Exploits: 1 · References: 2

Positive Technologies
added 2023/09/15 12:0 a.m. · 3 views

PT-2023-31400 · Infinitietech · Infinitietech Taskhub

Name of the Vulnerable Software and Affected Versions: infinitietech taskhub version 2.8.7 Description: A critical issue has been found in the GET Parameter Handler component, specifically affecting the /home/get tasks list file. The manipulation of the project/status/user id/sort/search argument...

CVSS 8 · AI score 6.3 · EPSS 0.00692
Exploits: 5 · References: 4

SUSE CVE
added 2023/09/07 2:34 a.m. · 1 views

SUSE CVE-2023-39361

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

CVSS 9.8 · AI score 8.9 · EPSS 0.87575
Exploits: 2 · References: 4

CNNVD
added 2023/08/22 12:0 a.m. · 2 views

Aruba Networks EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...

CVSS 6.5 · AI score 6.7 · EPSS 0.00569
Exploits: 0 · References: 2

CNNVD
added 2023/08/07 12:0 a.m. · 3 views

BA Gallery SQL Injection Vulnerability in Joomla!

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! BA Gallery that stems from improper neutralization of special elements, which can lead to SQL injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.00504
Exploits: 0 · References: 2

BDU FSTEC
added 2023/08/03 12:0 a.m. · 2 views

The vulnerability of the PHP platform pimcore, related to the lack of measures taken to protect the SQL query structure, allows attackers to carry out attacks based on SQL injections.

The vulnerability of the PHP platform pimcore is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

CVSS 9 · AI score 7.2 · EPSS 0.00957
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2023/07/25 12:0 a.m. · 2 views

Biltay Technology Scienta SQL Injection Vulnerability

Biltay Technology Scienta is a mobile application from Biltay Technology designed for enterprise management. Biltay Technology Scienta suffers from a SQL injection vulnerability that stems from not properly neutralizing special elements. An attacker can exploit this vulnerability to inject...

CVSS 9.8 · AI score 8.7 · EPSS 0.00519
Exploits: 0 · References: 2

CNNVD
added 2023/07/25 12:0 a.m. · 3 views

Campcodes Beauty Salon Management System SQL Injection Vulnerability

Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes. A SQL injection vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which originates from an unknown function in the file /admin/admin-profile.php that can lead to SQL injection...

CVSS 7.5 · AI score 6.8 · EPSS 0.00521
Exploits: 1 · References: 4

OSV
added 2023/07/20 8:15 p.m. · 2 views

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to SQL...

CVSS 9.8 · AI score 5.7 · EPSS 0.00418
Exploits: 0 · References: 2

CNNVD
added 2023/07/16 12:0 a.m. · 2 views

Bylancer QuickOrder SQL Injection Vulnerability

Bylancer QuickOrder is a WhatsApp food ordering plugin from Bylancer. A SQL injection vulnerability exists in Bylancer QuickOrder version 6.3.7, which stems from the presence of an unknown function in the blog in the component GET Parameter Handler, which leads to SQL injection via parameter s. T...

CVSS 9.8 · AI score 7 · EPSS 0.00425
Exploits: 0 · References: 3

BDU FSTEC
added 2023/06/26 12:0 a.m. · 6 views

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper cancellation of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...

CVSS 6.4 · AI score 6.5 · EPSS 0.00766
Exploits: 0 · References: 6 · Affected Software: 2

Positive Technologies
added 2023/06/20 12:0 a.m. · 4 views

PT-2023-11557 · Unknown · Joyplus-Cms

Name of the Vulnerable Software and Affected Versions: Joyplus-cms version 1.6.0 Description: A SQL injection issue allows a remote attacker to access sensitive information via the id parameter of the goodbad function. This enables unauthorized access to sensitive data. Recommendations: For...

CVSS 7.5 · AI score 7.9 · EPSS 0.00561
Exploits: 0 · References: 4

CNNVD
added 2023/06/19 12:0 a.m. · 4 views

JeecgBoot SQL Injection Vulnerability

JeecgBoot is a Chinese Java low-code platform for enterprise web applications. A security vulnerability exists in JeecgBoot 3.5.1 and earlier versions, which stems from a SQL injection vulnerability in the component queryFilterTableDictInfo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00578
Exploits: 1 · References: 2

CNNVD
added 2023/06/18 12:0 a.m. · 3 views

Agro-School Management System SQL Injection Vulnerability

Agro-School Management System is an agricultural school management system. A SQL injection vulnerability exists in Agro-School Management System version 1.0, which stems from a problem with the file loaddata.php, where manipulation of the subject/course parameter can result in SQL injection...

CVSS 8.8 · AI score 7.1 · EPSS 0.00594
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/18 12:0 a.m. · 3 views

PT-2023-24185 · Code Projects · Agro-School Management System

Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue has been found in the Agro-School Management System, affecting some unknown functionality of the file loaddata.php. The manipulation of the subject/course...

CVSS 8.8 · AI score 7.2 · EPSS 0.00594
Exploits: 1 · References: 5

CNNVD
added 2023/05/28 12:0 a.m. · 3 views

WordPress plugin Portfolio Gallery SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 9.8 · AI score 7.2 · EPSS 0.00707
Exploits: 0 · References: 4

OSV
added 2023/05/15 1:15 p.m. · 3 views

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

CVSS 9.8 · AI score 7.4 · EPSS 0.04234
Exploits: 2 · References: 1

CNNVD
added 2023/05/11 12:0 a.m. · 1 views

Medical System Medisys Weblab Products SQL Injection Vulnerability

Medical System Medisys Weblab Products is a client module for Medical System's LIS. It is a tool that allows laboratory clients to log in their own samples and subsequently view the results. A security vulnerability exists in Medical System Medisys Weblab Products version v19.4.03 that stems from...

CVSS 9.8 · AI score 8.6 · EPSS 0.01
Exploits: 0 · References: 4