1308 matches found

OSV
added 2023/03/22 9:15 p.m. · 1 views

CVE-2023-28662

The Gift Cards Gift Vouchers and Packages WordPress Plugin, version = 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgvdoajaxvoucherpdfsavefunc action...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 1

OSV
added 2023/03/21 4:15 p.m. · 0 views

CVE-2023-27570

The eotags package before 1.4.19 for PrestaShop allows SQL injection via a crafted ga cookie...

CVSS 9.8 · AI score 5.8 · EPSS 0.0025
Exploits: 0 · References: 2

OSV
added 2023/03/21 3:15 p.m. · 0 views

CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

Positive Technologies
added 2023/03/20 12:00 a.m. · 5 views

PT-2023-2219 · Sourcecodester · Sourcecodester E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical issue has been found in the processing of the file /ecommerce/admin/settings/setDiscount.php, which is related to a lack of protection of the SQL query structure. This issue...

CVSS 8.1 · AI score 5.8 · EPSS 0.0027
Exploits: 1 · References: 7

OSV
added 2023/03/19 8:15 p.m. · 2 views

CVE-2023-1499

A vulnerability classified as critical was found in code-projects Simple Art Gallery 1.0. Affected by this vulnerability is an unknown functionality of the file adminHome.php. The manipulation of the argument reachcity leads to sql injection. The attack can be launched remotely. The exploit has...

CVSS 9.8 · AI score 5.7 · EPSS 0.00297
Exploits: 1 · References: 3

CNNVD
added 2023/03/19 12:00 a.m. · 2 views

RockOA code issue vulnerability

RockOA Xinhuo is an open source office OA system. RockOA version 2.3.2 has a code problem vulnerability; the vulnerability stems from the file acloudCosAction.php.SQL function runAction has problems with the operation of the parameter fileid, which will lead to unrestricted uploads...

CVSS 8.8 · AI score 6.9 · EPSS 0.00488
Exploits: 1 · References: 5

CNNVD
added 2023/03/17 12:00 a.m. · 1 views

Canteen Management System SQL injection vulnerability

Canteen Management System is a cafeteria management system by individual developer Mayuri K. A SQL injection vulnerability exists in SourceCodester Canteen Management System version 1.0, which stems from the presence of an unknown function in changeUsername.php that leads to SQL injection via th...

CVSS 9.8 · AI score 7 · EPSS 0.00306
Exploits: 1 · References: 4

CNNVD
added 2023/03/15 12:00 a.m. · 2 views

Simple Customer Relationship Management SQL injection vulnerability

Simple Customer Relationship Management (Simple CRM) is a simple customer relationship management system by individual developer Carlo Montero. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the address...

CVSS 8.8 · AI score 8.2 · EPSS 0.00619
Exploits: 1 · References: 4

Positive Technologies
added 2023/03/14 12:00 a.m. · 2 views

PT-2023-20196 · Sap · Sap Aba

Name of the Vulnerable Software and Affected Versions: SAP ABAP versions 751, 753, 754, 756, 757, 791 Description: The issue is caused by insufficient input sanitization, allowing an authenticated high privileged user to alter the current session of the user by injecting malicious database querie...

CVSS 6.8 · AI score 4.9 · EPSS 0.00534
Exploits: 0 · References: 5

Positive Technologies
added 2023/03/10 12:00 a.m. · 2 views

PT-2023-16893 · Lmxcms · Lmxcms

Name of the Vulnerable Software and Affected Versions: lmxcms version 1.41 Description: A critical issue has been found in the function update of the file AcquisiAction.class.php. The manipulation of the argument id with specific input leads to SQL injection. The attack can be launched remotely...

CVSS 9.8 · AI score 8.4 · EPSS 0.00232
Exploits: 0 · References: 4

OSV
added 2023/03/06 9:15 p.m. · 0 views

UBUNTU-CVE-2021-36393

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses...

CVSS 9.8 · AI score 7.3 · EPSS 0.23988
Exploits: 6 · References: 3

CNNVD
added 2023/02/27 12:00 a.m. · 1 views

WordPress Plugin Correos Oficial SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 7.5 · AI score 7.8 · EPSS 0.0051
Exploits: 2 · References: 2

CNNVD
added 2023/02/25 12:00 a.m. · 1 views

ZoneMinder SQL injection vulnerability

ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a SQL injection vulnerability, which can be...

CVSS 9.6 · AI score 8.8 · EPSS 0.02063
Exploits: 1 · References: 2

SUSE CVE
added 2023/02/15 6:18 a.m. · 2 views

SUSE CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...

CVSS 7.5 · AI score 8.3 · EPSS 0.04133
Exploits: 0 · References: 4

CNNVD
added 2023/02/03 12:00 a.m. · 2 views

PbootCMS SQL injection vulnerability

PbootCMS is an open source enterprise website-building content management system (CMS) developed in PHP by the PbootCMS individual developers. A security vulnerability exists in PbootCMS version 3.0.5. An attacker can exploit the vulnerability to execute arbitrary SQL commands via a specially craft...

CVSS 9.8 · AI score 8 · EPSS 0.00858
Exploits: 1 · References: 3

Positive Technologies
added 2023/01/24 12:00 a.m. · 2 views

PT-2023-14768 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions prior to 4.1.7.3.2 Description: A SQL Injection (SQLi) issue has been identified. This type of issue generally involves the manipulation of database queries, potentially allowing unauthorized access or...

CVSS 9.1 · AI score 9.3 · EPSS 0.00405
Exploits: 2 · References: 4

OSV
added 2023/01/16 4:15 p.m. · 1 views

CVE-2022-4547

The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 2

VulnCheck KEV
added 2023/01/11 12:00 a.m. · 1 views

VulnCheck KEV: CVE-2021-24183

The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

CVSS 6.5 · AI score 6.7 · EPSS 0.07632
Exploits: 2 · References: 1

CNNVD
added 2023/01/10 12:00 a.m. · 1 views

MediaWiki security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from a very slow database query, which can be...

CVSS 5.3 · AI score 5 · EPSS 0.00723
Exploits: 0 · References: 3

Positive Technologies
added 2023/01/09 12:00 a.m. · 1 views

PT-2023-10142 · Unknown · Cherishsin Klattr

Name of the Vulnerable Software and Affected Versions: CherishSin klattr affected versions not specified Description: A critical vulnerability has been found in CherishSin klattr, affecting an unknown part, which leads to sql injection. Recommendations: At the moment, there is no information abou...

CVSS 8.8 · AI score 7.3 · EPSS 0.00201
Exploits: 0 · References: 6