1308 matches found
CVE-2023-49363
Rockoa 2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php...
CVE-2023-6035
The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks...
Packers and Movers Management System Security Vulnerability
Packers and Movers Management System is a Packers and Movers Management System by Carlo Montero Individual Developer. A security vulnerability exists in Packers and Movers Management System version v.1.0, which stems from the presence of a SQL injection vulnerability. The vulnerability can be...
VulnCheck KEV: CVE-2023-1454
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2023-5047
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006...
Cross site request forgery (csrf)
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...
CVE-2023-48293
The CVE refers to XWiki Admin Tools Application (pre-4.5.1) where a CSRF flaw in the Query on XWiki tool allows executing arbitrary database queries. This can modify or delete wiki data and potentially create an attacker account with elevated privileges, impacting confidentiality, integrity, and ...
WordPress Plugin WP Hotel Booking Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-47308
In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...
CVE-2023-46601
A vulnerability has been identified in COMOS All versions. The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to...
Siemens Comos 安全漏洞
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. An access control error vulnerability exists in Siemens COMOS, which could be exploited...
Online Matrimonial Project SQL Injection Vulnerability
Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...
PT-2023-30214 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the id parameter of the "partner preference.php" resource does not validate the characters received and they a...
Online Matrimonial Project SQL Injection Vulnerability
Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...
PT-2023-21245 · WordPress · Wp Reroute Email
Name of the Vulnerable Software and Affected Versions: WP Reroute Email versions 1.4.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...
CVE-2023-5918
A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manageuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of thi...
SUSE CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
PT-2023-32105 · WordPress · Vertical Marquee Plugin
Name of the Vulnerable Software and Affected Versions: Vertical marquee plugin for WordPress versions up to, and including, 7.1 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...
CVE-2023-44480
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-43794 SQL Injection in nocodb
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...