FreeBSD : kanboard -- Insufficient session invalidation (94b2d58a-c1e9-11ef-aa3f-dcfe074bd614)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 94b2d58a-c1e9-11ef-aa3f-dcfe074bd614 advisory. [email protected] reports: Kanboard is project management software that focuses on the...
PT-2024-17411 · WordPress · Advanced Floating Content
Name of the Vulnerable Software and Affected Versions: Advanced Floating Content plugin for WordPress versions up to, and including, 3.8.2 Description: The issue arises from insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query in the...
PT-2024-10193 · Amazon · Amazon Redshift Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Amazon Redshift JDBC Driver version 2.1.0.31 Description: A SQL injection issue in the Amazon Redshift JDBC Driver allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. This issue can be...
WordPress plugin LaunchPage.app Importer SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2024-11713
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'pageid' parameter of the wpjobportal_deactivate function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...
CVE-2024-11713
CVE-2024-11713 affects WordPress plugin WP Job Portal (versions up to 2.2.2). It is an authenticated SQL Injection via wpjobportal_deactivate() with insufficient escaping and unsafe SQL construction, exploitable by Administrators or higher. Impact: potential exposure of DB content. Remediation: u...
UBUNTU-CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
PlexTrac security vulnerability
PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1 that stems from improper neutralization of special elements used in N1QL commands, resulting in N1QL injecti...
djoser security vulnerability
djoser is a REST implementation of the Django authentication system open-sourced by Sunscrapers. A security vulnerability exists in djoser versions prior to 2.3.0, which stems from the system directly querying the database to grant access to users with valid credentials, making it susceptible to ...
PT-2024-17220 · WordPress · Bp Profile Shortcodes Extra
Name of the Vulnerable Software and Affected Versions: BP Profile Shortcodes Extra plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is related to time-based SQL Injection via the tab parameter due to insufficient escaping on the user-supplied parameter and lack of...
WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Revy versions <= 1.18...
CVE-2024-11964
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...
Zabbix SQL injection vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A SQL injection vulnerability exists in Zabbix versions 6.0.0 through 6.0.31, 6.4.0 through 6.4.16, and 7.0.0. The vulnerability stems fr...
CVE-2023-52335
Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exist...
SourceCodester Best Employee Management System security vulnerability
SourceCodester Best Employee Management System is a SourceCodester open source employee management system. A security vulnerability exists in SourceCodester Best Employee Management System version 1.0, which originates from an SQL injection vulnerability in the id parameter of the...
PT-2024-16683 · Sourcecodester · Sourcecodester Online Veterinary Appointment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Veterinary Appointment System version 1.0 Description: A critical vulnerability was found in the SourceCodester Online Veterinary Appointment System. This issue affects the file /admin/services/view service.php, where th...
WordPress WP EIS plugin <= 1.3.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin WP EIS versions <= 1.3.3...
PT-2024-33055 · Wavelog · Wavelog
Name of the Vulnerable Software and Affected Versions: Wavelog version 1.8.5 Description: The issue allows SQL injection via the band, sat, propagation, or mode variables in the get band confirmed function of Gridmap model.php. This can potentially lead to unauthorized access or manipulation of...
CVE-2024-9156
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries...
CVE-2024-42417
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script HandlerCFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product...