
723 matches found

CNNVD
added 2022/02/14 12:0 a.m. | 5 views

WordPress and WordPress plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...

CVSS 4 | AI score 5.9 | EPSS 0.00832
Exploits 2 | References 2

ATTACKERKB
added 2022/01/14 4:36 a.m. | 3 views

CVE-2022-22055

The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service...

CVSS 10 | AI score 7.5 | EPSS 0.02467
Exploits 0 | References 2 | Affected Software 1

OSV
added 2021/12/22 6:15 p.m. | 1 view

CVE-2021-43157

Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cartremove.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.0113
Exploits 1 | References 2

CNNVD
added 2021/12/22 12:0 a.m. | 4 views

Projectworlds Hospital Management System SQL injection vulnerability

Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. Version 1.0 of Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to compromise the database system and in some cases use this vulnerability t...

CVSS 8.8 | AI score 6.3 | EPSS 0.02003
Exploits 1 | References 2

CNNVD
added 2021/12/07 12:0 a.m. | 3 views

PayPal Free Source Code SQL injection vulnerability

PayPal Free Source Code is an online registration management system. A security vulnerability exists in PayPal Free Source Code 1.0 online registration management system, which allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter...

CVSS 7.2 | AI score 6.2 | EPSS 0.01477
Exploits 1 | References 3

CNNVD
added 2021/12/07 12:0 a.m. | 4 views

Esri Arcgis Server SQL injection vulnerability

Esri Arcgis Server is a Web-oriented, enterprise-class software platform that can be used to provide geolocation services from Esri, Inc. Esri ArcGIS Server suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based...

CVSS 9.8 | AI score 7.9 | EPSS 0.01009
Exploits 0 | References 3

CNNVD
added 2021/11/24 12:0 a.m. | 2 views

WordPress plugin SQL injection vulnerability

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL injection vulnerability that stems from the hmwp get user ip function attempting to retrieve an IP address from multiple headers, including IP address headers that the user can spoof, such...

CVSS 9.8 | AI score 8.5 | EPSS 0.01802
Exploits 1 | References 5

CNNVD
added 2021/11/19 12:0 a.m. | 3 views

Roundcube Webmail SQL injection vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A SQL injection vulnerability exists in Roundcube Webmail, which can be exploited to perform SQL injection via "search" or "searchparams". The followin...

CVSS 9.8 | AI score 8.7 | EPSS 0.42908
Exploits 1 | References 11

OSV
added 2021/11/17 11:15 a.m. | 1 view

CVE-2021-24772

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...

CVSS 8.8 | AI score 5.8 | EPSS 0.01504
Exploits 2 | References 2

OSV
added 2021/11/11 6:26 p.m. | 4 views

USN-5145-1 postgresql-10, postgresql-12, postgresql-13 vulnerabilities

Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...

CVSS 8.1 | AI score 7.1 | EPSS 0.01901
Exploits 0 | References 3

OSV
added 2021/11/05 11:15 p.m. | 1 view

CVE-2020-22223

Stivasoft Phpjabbers Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function...

CVSS 9.8 | AI score 7.3 | EPSS 0.01096
Exploits 1 | References 1

CNNVD
added 2021/10/25 12:0 a.m. | 1 view

Online Student Admission System SQL injection vulnerability

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A security vulnerability exists in Online Student Admission System version 1.0, which stems from the software's lack of effective restrictions...

CVSS 9.8 | AI score 8.6 | EPSS 0.0212
Exploits 0 | References 5

Gitee
added 2021/09/29 10:38 p.m. | 2 views

POC-EXP

It is an offensive tool for vulnerability exploitation. The repository contains a collection of exploits and proof-of-concept (PoC) code for various vulnerabilities. No specific CVE or GHSA IDs are mentioned, but the repository is likely focused on demonstrating exploitation techniques rather than...

AI score 8
Exploits 0

CNNVD
added 2021/09/14 12:0 a.m. | 3 views

SAP Business One SQL injection vulnerability

SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 has a SQL injection vulnerability that stems from the lack of effective validation and escaping of SQL statements, which can be exploited by an attacker with business privileges...

CVSS 4.3 | AI score 6 | EPSS 0.00631
Exploits 0 | References 5

CNNVD
added 2021/08/26 12:0 a.m. | 4 views

Delta Electronics DIAEnergie SQL injection vulnerability

A blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter egyid before using the value as part of a...

CVSS 10 | AI score 6.4 | EPSS 0.19765
Exploits 0 | References 4

CNNVD
added 2021/08/26 12:0 a.m. | 2 views

thinkphp-zcms SQL injection vulnerability

thinkphp-zcms is an open source CMS developed on thinkphp3.2, with fairly comprehensive features. thinkphp-zcms has a SQL injection vulnerability; an attacker can exploit it through index.php?m=home&c=message&a=add to execute arbitrary SQL commands...

CVSS 9.8 | AI score 8.9 | EPSS 0.00956
Exploits 1 | References 2

OSV
added 2021/08/23 12:15 p.m. | 1 view

CVE-2021-24550

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue...

CVSS 7.2 | AI score 7.1 | EPSS 0.01578
Exploits 2 | References 2

CNNVD
added 2021/07/22 12:0 a.m. | 3 views

CASAP Automated Enrollment SQL injection vulnerability

CASAP Automated Enrollment is an automated enrollment system for the CASAP organization. The goal of this project is to provide CASAP with an automated enrollment system to streamline the school's processes and make them more effective, efficient and easily retrievable. SourceCodester Alumni...

CVSS 9.8 | AI score 6.2 | EPSS 0.01517
Exploits 1 | References 2

CNNVD
added 2021/07/12 12:0 a.m. | 3 views

Metinfo MetInfo SQL injection vulnerability

Metinfo MetInfo is a content management system (CMS) developed by China Metinfo using PHP and MySQL. A SQL injection vulnerability exists in MetInfo, which arises because the product's admin/?n=language&c=languageweb&a=doAddLanguage does not securely validate user input data, and can be exploited ...

CVSS 7.2 | AI score 7.5 | EPSS 0.01188
Exploits 1 | References 3

OSV
added 2021/07/01 4:15 p.m. | 3 views

CVE-2020-4902

IBM Datacap Taskmaster Capture IBM Datacap Navigator 9.1.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...

CVSS 8.8 | AI score 6.8 | EPSS 0.00968
Exploits 0 | References 2