723 matches found
CVE-2022-4547
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin...
PT-2023-10142 · Unknown · Cherishsin Klattr
Name of the Vulnerable Software and Affected Versions: CherishSin klattr affected versions not specified Description: A critical vulnerability has been found in CherishSin klattr, affecting an unknown part, which leads to SQL injection. Recommendations: At the moment, there is no information abou...
CVE-2022-4372
The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...
WordPress Plugin Contest Gallery SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Stock Management System SQL Injection Vulnerability
Sourcecodester Stock Management System is an inventory management system. A security vulnerability exists in Stock Management System, which is caused by an incorrect manipulation of the parameter user/password leading to SQL injection...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS Inc. in the United States. AeroCMS version v0.0.1 suffers from a security vulnerability that stems from the Category parameter of its category.php component, which allows an attacker to perform SQL injection resulting in access to database...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the id parameter of its adminpostcomments.php component, allowing an attacker to perform SQL injection resulting in access to database information. No detailed...
CVE-2022-3481
The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...
SEMCMS SQL Injection Vulnerability
SEMCMS is a multilingual content management system (CMS) for foreign trade websites. A SQL injection vulnerability exists in SEMCMS SHOP version 1.1, which stems from a SQL injection issue in AntMenu.php...
Best Student Result Management System SQL Injection Vulnerability
Best Student Result Management System is a student result management system by individual developer Mayuri K. A security vulnerability exists in version 1.0 of Best Student Result Management System, which stems from an SQL injection issue in the /upresult/upresult/notice-details.php?nid= locatio...
PT-2022-24886 · Ree6 · Ree6
Name of the Vulnerable Software and Affected Versions: Ree6 versions prior to 1.7.0 Description: This issue allows manipulation of SQL queries. The estimated number of potentially affected devices is not provided. There are no reported real-world incidents where this issue was exploited. The issu...
PT-2022-26431 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...
JFinal SQL Injection Vulnerability
JFinal is an open-source Java-based web ORM framework. JFinal CMS version 5.1.0 has a SQL injection vulnerability, which stems from several interfaces that do not use the same components, do not apply filters, and each use their own SQL connection method, an attacke...
CVE-2022-37203
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...
CVE-2022-38304
Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manageleavetype.php...
CVE-2021-44835
An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection...
CVE-2022-36732
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php...
PT-2022-21709 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A SQL injection issue exists in the ObjectYPT functionality, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter in the aVideoEncoder functionality, which can...
Online Admission System SQL Injection Vulnerability
Online Admission System is an online admission system by the individual developer RASHMI KUMARI. The Online Admission System suffers from a SQL injection vulnerability that stems from an unknown function in its GET parameter handling component that operates on the parameter eid, which could lead ...
CVE-2022-29709
CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters...