
1310 matches found

CNNVD
added 2022/10/07 12:0 a.m. · 1 views

CodeIgniter SQL injection vulnerability

CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the where method of system/database/DB_query_builder.php...

9.8 CVSS · 8.5 AI score · 0.00281 EPSS
Exploits 1 · References 2
CNNVD
added 2022/10/07 12:0 a.m. · 1 views

CodeIgniter SQL injection vulnerability

CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the or_not_like method of system/database/DB_query_builder.php...

9.8 CVSS · 8.5 AI score · 0.00264 EPSS
Exploits 1 · References 3
NVD
added 2022/09/28 4:15 a.m. · 12 views

CVE-2022-39029

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

6.5 CVSS · 0.00219 EPSS
Exploits 0 · References 1
Prion
added 2022/09/28 4:15 a.m. · 12 views

Authorization

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

4 CVSS · 6.5 AI score · 0.00219 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/09/28 3:25 a.m. · 12 views

CVE-2022-39029 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

6.5 CVSS · 6.7 AI score · 0.00219 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/09/28 3:25 a.m. · 6 views

CVE-2022-39029 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -1

Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensitive information...

6.5 CVSS · 6.5 AI score · 0.00219 EPSS
Exploits 0 · References 1
CNNVD
added 2022/09/28 12:0 a.m. · 1 views

Smart eVision security vulnerability

Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. Smart eVision is a business intelligence platform that combines business management rooms, dashboards, reports, and input...

6.5 CVSS · 6.5 AI score · 0.00219 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/09/28 12:0 a.m. · 2 views

PT-2022-24684 · Unknown · Smart Evision

Name of the Vulnerable Software and Affected Versions: Smart eVision (affected versions not specified). Description: The issue concerns inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information,...

6.5 CVSS · 6.3 AI score · 0.00219 EPSS
Exploits 0 · References 3
CNNVD
added 2022/09/27 12:0 a.m. · 2 views

JFinal SQL injection vulnerability

JFinal is a Java-based open source web ORM framework. JFinal CMS version 5.1.0 has a SQL injection vulnerability, which stems from several of its interfaces not using the same components and not applying filters, with each interface using its own SQL connection method, an attacke...

8.8 CVSS · 7.9 AI score · 0.01078 EPSS
Exploits 3 · References 3
CNNVD
added 2022/09/26 12:0 a.m. · 0 views

Wedding Planner SQL injection vulnerability

Wedding Planner is a wedding planner program designed to provide users with an easy way to plan their wedding through a web application while using real data. Wedding Planner v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the id parameter in...

9.8 CVSS · 9.6 AI score · 0.00264 EPSS
Exploits 1 · References 2
CNNVD
added 2022/09/23 12:0 a.m. · 2 views

Rocket.Chat information disclosure vulnerability

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the actionLinkHandler method allowing message ID enumeration using a Regex MongoDB query. An attacker can exploit the vulnerability to obtain sensitive information...

4.3 CVSS · 6.1 AI score · 0.0042 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2022/09/19 4:15 p.m. · 0 views

CVE-2022-37203

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

9.8 CVSS · 7.4 AI score · 0.01107 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/09/12 11:15 p.m. · 1 views

CVE-2022-38304

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manageleavetype.php...

7.2 CVSS · 5.8 AI score · 0.00274 EPSS
Exploits 1 · References 2
OSV
added 2022/09/09 7:15 p.m. · 2 views

CVE-2021-44835

An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection...

9.8 CVSS · 5.8 AI score · 0.00283 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2022/08/30 9:15 p.m. · 4 views

CVE-2022-36732

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php...

9.8 CVSS · 5.9 AI score · 0.00264 EPSS
Exploits 1 · References 2
OSV
added 2022/08/25 10:15 p.m. · 1 views

CVE-2022-36696

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletestockout...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/08/22 12:0 a.m. · 2 views

PT-2022-21709 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6. Description: A SQL injection issue exists in the ObjectYPT functionality, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter in the aVideoEncoder functionality, which can...

8.8 CVSS · 8.5 AI score · 0.02951 EPSS
Exploits 0 · References 5
CNNVD
added 2022/08/04 12:0 a.m. · 1 views

Online Admission System SQL injection vulnerability

Online Admission System is an online admission system by the individual developer RASHMI KUMARI. The Online Admission System suffers from a SQL injection vulnerability that stems from an unknown function in its GET parameter handling component that operates on the parameter eid, which could lead...

9.8 CVSS · 8.4 AI score · 0.00264 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/07/25 12:15 p.m. · 1 views

CVE-2022-29709

CommuniLink Internet Limited CLink Office v2.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters...

7.5 CVSS · 5.9 AI score · 0.00864 EPSS
Exploits 1 · References 4
GithubExploit
added 2022/07/13 2:7 p.m. · 6 views

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

Springcve-2022-22980 spring data mongodb remote code executio...

9.8 CVSS · 9 AI score · 0.83316 EPSS
Exploits 3