1308 matches found

OSV
added 2024/06/20 4:15 a.m. · 1 views

CVE-2024-5605

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mlatagcloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

8.8 CVSS · 5.9 AI score
Exploits: 0 · References: 4
CNNVD
added 2024/06/20 12:0 a.m. · 3 views

WordPress plugin Youzify security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.8 CVSS · 7 AI score · 0.00634 EPSS
Exploits: 0 · References: 3
ATTACKERKB
added 2024/06/06 10:15 a.m. · 2 views

CVE-2024-5329

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to blind SQL Injection via the ‘dataaddonID’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

8.8 CVSS · 5.9 AI score · 0.00634 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/05/28 12:0 a.m. · 1 views

Campcodes Complete Web-Based School Management System security vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the id...

5.4 CVSS · 7.9 AI score · 0.00207 EPSS
Exploits: 1 · References: 2
OSV
added 2024/05/22 2:15 p.m. · 2 views

CVE-2024-35475

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...

6.4 CVSS · 7.9 AI score · 0.00202 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/05/22 12:0 a.m. · 1 views

Santesoft Sante PACS Server security vulnerability

Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A security vulnerability exists in Santesoft San...

9.8 CVSS · 9.7 AI score · 0.04061 EPSS
Exploits: 0 · References: 2
NVD
added 2024/05/20 1:15 p.m. · 10 views

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

8.1 CVSS · 8 AI score · 0.00223 EPSS
Exploits: 1 · References: 2
OSV
added 2024/05/20 1:15 p.m. · 15 views

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

7.2 CVSS · 6.7 AI score
Exploits: 0 · References: 2
Cvelist
added 2024/05/20 12:24 p.m. · 18 views

CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...

8.1 CVSS · 8 AI score · 0.00223 EPSS
Exploits: 1 · References: 2
CVE
added 2024/05/20 12:24 p.m. · 89 views

CVE-2024-4287

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update flow. The flaw occurs when JSON data sent via HTTP POST to /api/workspace/:workspace-slug/update is not properly validated/formatted, allowing the payload to be executed as part of a dat...

8.1 CVSS · 7.8 AI score · 0.00223 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/05/20 12:0 a.m. · 2 views

PT-2024-34538 · Unknown · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /view/teacher profile.php. The manipulation of the index argument leads to...

6.5 CVSS · 7.1 AI score · 0.00052 EPSS
Exploits: 1 · References: 7
CNNVD
added 2024/05/20 12:0 a.m. · 2 views

Event Registration System SQL injection vulnerability

Event Registration System is a QR code based event registration system by Carlo Montero, an individual developer. An SQL injection vulnerability exists in Event Registration System version 1.0, which originates from an unknown function in Portal.php that causes SQL injection via the...

9.8 CVSS · 7.9 AI score · 0.00098 EPSS
Exploits: 1 · References: 4
Japan Vulnerability Notes
added 2024/05/17 3:5 a.m. · 1 views

Multiple vulnerabilities in Field Logic DataCube

Overview: DataCube provided by Field Logic Inc. contains multiple vulnerabilities listed below. Direct Request ('Forced Browsing') (CWE-425) - CVE-2024-25830; Reflected cross-site scripting (CWE-79) - CVE-2024-25831; Unrestricted upload of file with dangerous type (CWE-434) - CVE-2024-25832; SQL injection...

9.8 CVSS · 8.1 AI score · 0.39119 EPSS
Exploits: 8 · References: 11
Positive Technologies
added 2024/05/10 12:0 a.m. · 2 views

PT-2024-5502 · Umi Cms · Umi Cms

Name of the Vulnerable Software and Affected Versions: UMI CMS affected versions not specified Description: The issue is related to the lack of protection against SQL query structure exploitation in UMI CMS, a multi-site content management system. This could allow a remote attacker to execute...

7.8 CVSS · 8.1 AI score
Exploits: 0 · References: 2
CNNVD
added 2024/05/08 12:0 a.m. · 0 views

RuvarOA security vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wfworkprint.aspx file against externally entered SQL statements. An attacker can exploit this...

9.8 CVSS · 8.2 AI score · 0.00072 EPSS
Exploits: 1 · References: 2
CNNVD
added 2024/05/08 12:0 a.m. · 0 views

RuvarOA security vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the officemissiveid parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...

9.4 CVSS · 8.2 AI score · 0.0008 EPSS
Exploits: 1 · References: 2
OSV
added 2024/05/07 5:15 p.m. · 1 views

CVE-2024-33164

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authUserList function...

9.8 CVSS · 5.8 AI score · 0.00158 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/07 12:0 a.m. · 2 views

PT-2024-25133 · J2Eefast · J2Eefast

Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: The issue is related to a SQL injection vulnerability. It occurs via the sql filter parameter in the myProcessList function. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to the...

8.1 CVSS · 7.9 AI score · 0.0016 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/05/06 12:0 a.m. · 1 views

Campcodes Complete Web-Based School Management System security vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from an SQL injection vulnerability in the myindex...

9.8 CVSS · 7.9 AI score · 0.00194 EPSS
Exploits: 1 · References: 2
CNNVD
added 2024/04/27 12:0 a.m. · 2 views

BlueNet Technology Clinical Browsing System SQL injection vulnerability

BlueNet Technology Clinical Browsing System is a clinical browsing system from BlueNet Technology USA. A SQL injection vulnerability exists in BlueNet Technology Clinical Browsing System version 1.2.1, which stems from the parameter documentUniqueId in the file /xds/deleteStudy.php that can lead ...

6.5 CVSS · 7.9 AI score · 0.9213 EPSS
Exploits: 1 · References: 5