Art Gallery Management System SQL Injection Vulnerability

Art Gallery Management System is an art gallery management system. Art Gallery Management System has a SQL injection vulnerability, the vulnerability stems from improper operation of the parameter arttype in the file /admin/add-art-type.php, which can be exploited by an attacker to query a string...

Siemens OZW672和Siemens OZW772 SQL注入漏洞

The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...

Rail Pass Management System /admin/search-pass.php File SQL Injection Vulnerability

Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a SQL injection vulnerability that occurs when the searchdata parameter in the /admin/search-pass.php file is not properly filtered. An attacker can exploit this vulnerability to obtain...

SourceCodester Online Eyewear Shop 注入漏洞

SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL, which provides an online shopping and ordering platform for the eyewear business and its potential customers. An injection vulnerability exists in SourceCodester...

Vulnerabilities fixed in Siemens TeleControl Server

Siemens has fixed vulnerabilities in TeleControl Server Basic. The vulnerabilities are in how the TeleControl Server Basic allows SQL injection through various methods, such as 'CreateTrace,' 'VerifyUser,' 'Authenticate,' and many others. These vulnerabilities allow unauthenticated and...

PT-2025-16854 · Unknown · Telecontrol Server Basic

Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UnlockGeneralSettings, which can be exploited by an attacker to bypass...

Siemens TeleControl Server Basic SQL注入漏洞

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that can be exploited by an attacker to bypass authorization controls and execute arbitrary code...

CVE-2025-3265

A vulnerability classified as critical was found in PHPGurukul e-Diary Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-category.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploi...

vipshop Saturn SQL注入漏洞

vipshop Saturn is a platform that provides distributed, fault-tolerant, and highly available job scheduling services from China's Vipshop vipshop company. A security vulnerability exists in vipshop Saturn 3.5.1 and earlier versions, which stems from a SQL injection in the zkClusterKey component...

SourceCodester Online Tutor Portal 注入漏洞

SourceCodester Online Tutor Portal is a SourceCodester open source online tutor portal. An injection vulnerability exists in SourceCodester Online Tutor Portal version 1.0, which stems from the fact that incorrect manipulation of a parameter ID can lead to SQL injection...

PT-2025-14380 · Unknown · Clinic'S Patient Management System

Name of the Vulnerable Software and Affected Versions: Clinic’s Patient Management System version 2.0 Description: The issue is related to a SQL injection vulnerability in the login page. Recommendations: For Clinic’s Patient Management System version 2.0, update to a version that fixes the SQL...

PHPGurukul e-Diary Management System 安全漏洞

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the Category parameter of the edit-category.php?id=8 file. An attacker ca...

WordPress plugin Advanced Google reCAPTCHA SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress...

PHPGurukul Art Gallery Management System 注入漏洞

Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search of /search.php. An attacker can exploit this...

CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

CVE-2019-25222

The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

LogicalDOC SQL注入漏洞

LogicalDOC is the United States LogicalDOC company a set of document management system developed using Java technology. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC that originates from a blind SQL injection,...

Apartment Visitors Management System contactno Parameter SQL Injection Vulnerability

Apartment Visitors Management System is an apartment visitor management system. The Apartment Visitors Management System suffers from a SQL injection vulnerability that stems from a lack of validation of the contactno parameter against externally entered SQL statements. An attacker can use this...

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the product-details.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...