Lucene search

1308 matches found

CNNVD
added 2023/08/07 12:0 a.m. · 2 views

BA Gallery SQL Injection Vulnerability in Joomla!

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! BA Gallery that stems from improper neutralization of special elements, which can lead to SQL injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.00083
Exploits 0 · References 2

CVE
added 2023/07/28 3:25 p.m. · 59 views

CVE-2023-38684

Discourse (open source forum software) is vulnerable in versions prior to 3.0.6 (stable) and 3.1.0.beta7 (beta/tests-passed) where multiple controller actions accept limit parameters without an upper bound, potentially enabling arbitrary users to generate expensive DB queries and exhaust server r...

CVSS 7.5 · AI score 6.2 · EPSS 0.00152
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2023/07/25 12:0 a.m. · 1 view

Biltay Technology Scienta SQL Injection Vulnerability

Biltay Technology Scienta is a mobile application from Biltay Technology designed for enterprise management. Biltay Technology Scienta suffers from a SQL injection vulnerability that stems from not properly neutralizing special elements. An attacker can exploit this vulnerability to inject...

CVSS 9.8 · AI score 8.7 · EPSS 0.00083
Exploits 0 · References 2

CNNVD
added 2023/07/25 12:0 a.m. · 2 views

Campcodes Beauty Salon Management System SQL Injection Vulnerability

Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes. A SQL injection vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which originates from an unknown function in the file /admin/admin-profile.php that can lead to SQL injection...

CVSS 7.5 · AI score 6.8 · EPSS 0.00059
Exploits 1 · References 4

CNNVD
added 2023/07/22 12:0 a.m. · 1 view

DedeBIZ Cross-Site Scripting Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A cross-site scripting vulnerability exists in DedeBIZ version 6.2.10, which originates from the presence of an unknown function in the file /admin/syssqlquery.php, resulting in cross-site scripting...

CVSS 4.8 · AI score 3.9 · EPSS 0.00077
Exploits 1 · References 4

OSV
added 2023/07/20 8:15 p.m. · 0 views

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

CVSS 9.8 · AI score 5.7 · EPSS 0.00056
Exploits 0 · References 2

CNNVD
added 2023/07/16 12:0 a.m. · 2 views

Bylancer QuickOrder SQL Injection Vulnerability

Bylancer QuickOrder is a WhatsApp food ordering plugin from Bylancer. A SQL injection vulnerability exists in Bylancer QuickOrder version 6.3.7, which stems from the presence of an unknown function in the blog in the component GET Parameter Handler, which leads to SQL injection via parameter s. T...

CVSS 9.8 · AI score 7 · EPSS 0.00056
Exploits 0 · References 3

ATTACKERKB
added 2023/06/30 5:15 p.m. · 2 views

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

CVSS 9.8 · AI score 7.3 · EPSS 0.00243
Exploits 1 · References 3

OSV
added 2023/06/30 5:15 p.m. · 0 views

UBUNTU-CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

CVSS 9.8 · AI score 7.3 · EPSS 0.00243
Exploits 1 · References 4

Positive Technologies
added 2023/06/20 12:0 a.m. · 2 views

PT-2023-11557 · Unknown · Joyplus-Cms

Name of the Vulnerable Software and Affected Versions: Joyplus-cms version 1.6.0 Description: A SQL injection issue allows a remote attacker to access sensitive information via the id parameter of the goodbad function. This enables unauthorized access to sensitive data. Recommendations: For...

CVSS 7.5 · AI score 7.9 · EPSS 0.00061
Exploits 0 · References 4

CNNVD
added 2023/06/20 12:0 a.m. · 1 view

PHPOK SQL Injection Vulnerability

PHPOK is an enterprise building system that supports expansion. PHPOK v.5.4 suffers from a SQL injection vulnerability that originates from allowing remote attackers to obtain sensitive information via the userlist function in the framerwork/phpokcall.php file. No detailed vulnerability details a...

CVSS 7.5 · AI score 7.6 · EPSS 0.00052
Exploits 1 · References 2

OSV
added 2023/06/19 11:15 a.m. · 0 views

CVE-2023-2221

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...

CVSS 7.2 · AI score 5.8 · EPSS 0.00239
Exploits 2 · References 2

CNNVD
added 2023/06/19 12:0 a.m. · 3 views

JeecgBoot SQL Injection Vulnerability

JeecgBoot is a Chinese Java low-code platform for enterprise web applications. A security vulnerability exists in JeecgBoot 3.5.1 and earlier versions, which stems from a SQL injection vulnerability in the component queryFilterTableDictInfo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00321
Exploits 1 · References 2

CNNVD
added 2023/06/18 12:0 a.m. · 1 view

Agro-School Management System SQL Injection Vulnerability

Agro-School Management System is an agricultural school management system. A SQL injection vulnerability exists in Agro-School Management System version 1.0, which stems from a problem with the file loaddata.php, where manipulation of the subject/course parameter can result in SQL injection...

CVSS 8.8 · AI score 7.1 · EPSS 0.00065
Exploits 1 · References 4

Positive Technologies
added 2023/06/18 12:0 a.m. · 2 views

PT-2023-24185 · Code Projects · Agro-School Management System

Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue has been found in the Agro-School Management System, affecting some unknown functionality of the file loaddata.php. The manipulation of the subject/course...

CVSS 8.8 · AI score 7.2 · EPSS 0.00065
Exploits 1 · References 5

OSV
added 2023/05/30 8:15 a.m. · 2 views

CVE-2023-2111

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...

CVSS 4.9 · AI score 6.7 · EPSS 0.00884
Exploits 2 · References 1

Positive Technologies
added 2023/05/30 12:0 a.m. · 3 views

PT-2023-17903 · WordPress · Fast & Effective Popups & Lead-Generation

Name of the Vulnerable Software and Affected Versions: Fast & Effective Popups & Lead-Generation for WordPress plugin versions prior to 2.1.4 Description: The issue concerns the concatenation of user input into an SQL query without proper escaping in the plugin's report API endpoint. This could...

CVSS 4.9 · AI score 9.5 · EPSS 0.00884
Exploits 2 · References 4

CNNVD
added 2023/05/28 12:0 a.m. · 2 views

WordPress plugin Portfolio Gallery SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 9.8 · AI score 7.2 · EPSS 0.0013
Exploits 0 · References 4

OSV
added 2023/05/15 1:15 p.m. · 2 views

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

CVSS 9.8 · AI score 7.4 · EPSS 0.76847
Exploits 2 · References 1

Positive Technologies
added 2023/05/15 12:0 a.m. · 3 views

PT-2023-23484 · Sourcecodester · Sourcecodester Faculty Evaluation System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Faculty Evaluation System version 1.0 Description: The issue is related to SQL Injection, which can be exploited via the "/eval/admin/view faculty.php?id=" endpoint. This allows for potential manipulation of database queries...

CVSS 7.2 · AI score 7.3 · EPSS 0.0026
Exploits 1 · References 5