1308 matches found

OSV · added 2024/02/12 9:15 p.m. · 1 view

DEBIAN-CVE-2024-23833

OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version <= 3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...

CVSS 7.5 · AI score 7.8 · EPSS 0.01329
Exploits: 1 · References: 1
OSV · added 2024/02/08 9:15 a.m. · 0 views

CVE-2024-1207

The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2
CNNVD · added 2024/02/08 12:00 a.m. · 1 view

Novel-Plus SQL Injection Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from a SQL injection vulnerability in the path /system/dataPerm/list...

CVSS 9.8 · AI score 7.9 · EPSS 0.00076
Exploits: 0 · References: 3
CNNVD · added 2024/02/06 12:00 a.m. · 2 views

jshERP SQL Injection Vulnerability

jshERP Huaxia ERP is a homegrown ERP system developed by a Chinese individual developer, Ji Sheng Hua. A SQL injection vulnerability exists in jshERP v3.3, which is caused by insufficient filtering of the "column" and "order" parameters...

CVSS 9.8 · AI score 8 · EPSS 0.00127
Exploits: 1 · References: 4
CNNVD · added 2024/01/26 12:00 a.m. · 1 view

Novel-Plus SQL Injection Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. An SQL injection vulnerability exists in Novel-Plus version 4.3.0-RC1, which stems from the fact that improper handling of the sort parameter can lead to SQL injection...

CVSS 9.8 · AI score 8.4 · EPSS 0.00052
Exploits: 1 · References: 4
OSV · added 2024/01/25 7:15 p.m. · 1 view

CVE-2024-0883

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 3
OSV · added 2024/01/19 10:15 a.m. · 1 view

CVE-2024-0705

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 7.5 · AI score 7.3 · EPSS 0.21951
Exploits: 1 · References: 2
OSV · added 2024/01/17 3:15 p.m. · 2 views

CVE-2023-5041

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQLi attacks on the database...

CVSS 8.8 · AI score 7.3 · EPSS 0.00331
Exploits: 2 · References: 1
Prion · added 2024/01/17 3:15 p.m. · 11 views

Design/Logic Flaw

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged-in user with an author role or higher to perform time-based blind SQLi attacks on the database...

CVSS 6.5 · AI score 6.9 · EPSS 0.00331
Exploits: 2 · References: 1 · Affected Software: 1
Positive Technologies · added 2024/01/16 12:00 a.m. · 2 views

PT-2024-13531 · WordPress · Newsletters

Name of the Vulnerable Software and Affected Versions: The Newsletters WordPress plugin versions prior to 4.9.3
Description: The issue arises from the plugin's failure to properly escape user-controlled parameters when they are appended to SQL queries and shell commands. This could enable an...

CVSS 7.2 · AI score 7.2 · EPSS 0.0056
Exploits: 2 · References: 4
Positive Technologies · added 2024/01/13 12:00 a.m. · 2 views

PT-2024-15604 · Code Projects · Code-Projects Fighting Cock Information System

Name of the Vulnerable Software and Affected Versions: code-projects Fighting Cock Information System version 1.0
Description: A critical issue was found in the system, affecting some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the ref argument leads to...

CVSS 9.8 · AI score 7.6 · EPSS 0.00052
Exploits: 0 · References: 7
OSV · added 2024/01/12 4:15 p.m. · 3 views

CVE-2024-0460

A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 9.8 · AI score 5.7 · EPSS 0.00056
Exploits: 0 · References: 3
Positive Technologies · added 2024/01/08 12:00 a.m. · 3 views

PT-2024-1493 · Nexo-Os · Nexo-Os

Name of the Vulnerable Software and Affected Versions: NEXO-OS, affected versions not specified
Description: The issue allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. This is related to a lack of protection for the SQL query...

CVSS 7.5 · AI score 7.8 · EPSS 0.00242
Exploits: 0 · References: 5
Positive Technologies · added 2024/01/08 12:00 a.m. · 4 views

PT-2024-14467 · Unknown · Ptypeconverter

Name of the Vulnerable Software and Affected Versions: pTypeConverter versions 0.2.8.1 and earlier
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

CVSS 8.8 · AI score 9 · EPSS 0.00216
Exploits: 0 · References: 5
Positive Technologies · added 2024/01/05 12:00 a.m. · 3 views

PT-2024-15409 · Unknown · Codeastro Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: CodeAstro Online Food Ordering System version 1.0
Description: A critical vulnerability was found in the Admin Panel component of the CodeAstro Online Food Ordering System. The manipulation of the Username argument leads to SQL injection. The...

CVSS 9.8 · AI score 7.8 · EPSS 0.00045
Exploits: 1 · References: 8
OSV · added 2024/01/04 3:15 p.m. · 1 view

CVE-2023-50862

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 5.8 · EPSS 0.00072
Exploits: 1 · References: 2
OSV · added 2024/01/04 2:15 p.m. · 1 view

CVE-2023-49624

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the materialbill.php resource does not validate the characters received and they are sent unfiltered to the database...

CVSS 9.8 · AI score 5.8 · EPSS 0.00069
Exploits: 1 · References: 2
CNNVD · added 2023/12/31 12:00 a.m. · 1 view

WordPress Plugin GEO my WordPress SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin GEO my...

CVSS 7.6 · AI score 7.1 · EPSS 0.00139
Exploits: 0 · References: 2
Positive Technologies · added 2023/12/21 12:00 a.m. · 3 views

PT-2023-32847 · Byzoro +1 · Byzoro S210 +1

Name of the Vulnerable Software and Affected Versions: Byzoro S210 up to 20231210; Beijing Baichuo S210 up to 20231210
Description: A critical issue has been discovered, affecting an unknown function of the file /importexport.php. The manipulation of the sql argument leads to injection. This issue...

CVSS 9.8 · AI score 7.8 · EPSS 0.00786
Exploits: 1 · References: 6
OSV · added 2023/12/15 1:15 a.m. · 0 views

CVE-2023-48050

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py...

CVSS 9.8 · AI score 7.6 · EPSS 0.01938
Exploits: 0 · References: 1