723 matches found
PT-2021-10735 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0 Description: The issue concerns a SQL injection vulnerability located in the hmsget doctor.php file. This vulnerability can be exploited by remote unauthenticated users to obtain sensitive...
WordPress Plugin SQL Injection Vulnerability
WordPress Plugin is an open source application plugin for WordPress. WP Statistics suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information about a database...
PT-2021-3413
Name of the Vulnerable Software and Affected Versions: Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin versions prior to 5.153.4 Description: The issue is related to the update log function in the lib/Cleantalk/ApbctWP/Firewall/SFW.php module, which does not properly protect the S...
Django SQL Injection Vulnerability
Django is the Django Foundation's open source Web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, and more. An SQL injection vulnerability exists in Django Debug Toolbar, which can be exploited by an...
Soar Cloud System SQL Injection Vulnerability
Soar Cloud System is an HR system solution developed by Soar. The Soar Cloud System HR portal suffers from a SQL injection vulnerability that stems from not filtering SQL injection statements, which allows a remote attacker to inject SQL syntax and obtain all data in the database without...
LibreNMS SQL Injection Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A SQL injection vulnerability exists in LibreNMS versions prior to 21.1.0, which...
OpenAsset Digital Asset Management SQL Injection Vulnerability
OpenAsset is a digital asset management software for the website building industry from OpenAsset UK. OpenAsset Digital Asset Management suffers from a SQL injection vulnerability that originates from a blind remote SQL injection via authentication, which can be exploited by an attacker to gain...
SQL Injection Vulnerability in Kaixin Worklog System worklog
Kaixin Worklog system is a B/S-based software system for building collaborative office work within the enterprise. The system is developed in ASP.NET. A SQL injection vulnerability exists in the Worklog system (worklog star), which attackers can use to obtain sensitive information...
Siemens XHQ SQL Injection Vulnerability
Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...
CVE-2020-29284
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the tableid parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?tableid= to trigger the...
SQL injection vulnerability in ad***.cl***.php file in the backend of MTCEO repository system
The MTCEO library system uses PHP + MySQL, is built on ThinkPHP, and uses the Baidu library template style as its basic style. A SQL injection vulnerability exists in the ad.cl.php file in the MTCEO library system backend. Attackers can use the vulnerability to obtain sensitive database information...
SQL Injection Vulnerability in JfinalOA
JfinalOA is an open source office OA system development framework. JfinalOA has a SQL injection vulnerability that an attacker can exploit to obtain sensitive database information...
CVE-2020-8887
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php aka the server login page...
ZZCMS 2020 Frontend SQL Injection Vulnerability
ZZCMS is a content management system for Webmaster Merchants. A SQL injection vulnerability exists in the ZZCMS 2020 frontend, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-14068
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executarlogin.php...
SQL Injection Vulnerability in the Frontend of waychar Enrollment System
Waychar Enrollment System is a PHP/MYSQL based enrollment system. A SQL injection vulnerability exists in the frontend of waychar enrollment system. An attacker can exploit this vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in BEESCMS Backend ad***_bo***.php Page
BEESCMS is a scalable content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in the adbo.php page in the BEESCMS backend. An attacker can exploit the vulnerability to obtain sensitive database information...
PT-2020-17812 · Unknown · Ultralog Express
Name of the Vulnerable Software and Affected Versions: UltraLog Express affected versions not specified Description: The issue concerns the UltraLog Express device management interface, which fails to properly filter user-inputted strings in specific parameters. This allows attackers to inject...
Kodak Multimedia Recording and Playback System has SQL Injection Vulnerability
Ltd. is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and video application solutions to help various government and enterprise customers to solve visual communication and management challenges. A SQL injection vulnerability exists in...
Simplejobscript.com SJS SQL Injection Vulnerability
Simplejobscript.com SJS is a web-based recruitment application service program. A SQL injection vulnerability exists in Simplejobscript.com SJS, which stems from a lack of validation of externally entered SQL statements in database-based applications and can be exploited by an attacker to execute...