CVE-2020-22223

Stivasoft Phpjabbers Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function...

Hitachi Vantara Pentaho SQL注入漏洞

Hitachi Vantara Pentaho is a service from Hitachi, Japan, for storing and managing data in big data environments. Hitachi Vantara Pentaho suffers from a SQL injection vulnerability that could allow an unauthenticated user to execute arbitrary SQL queries on a Pentaho data source to retrieve data...

Online Student Admission System SQL注入漏洞

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A security vulnerability exists in Online Student Admission System version 1.0, which stems from the software's lack of effective restrictions...

CVE-2021-38481

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

POC-EXP

It is an offensive tool for vulnerability exploitation. The repository contains a collection of exploits and proof-of-concept PoC code for various vulnerabilities. No specific CVE or GHSA IDs are mentioned, but the repository is likely focused on demonstrating exploitation techniques rather than...

SAP Business One SQL注入漏洞

SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 has a SQL injection vulnerability that stems from the lack of effective validation and escaping of SQL statements, which can be exploited by an attacker with business privileges...

Delta Electronics DIAEnergie SQL注入漏洞

A SQL blind injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter egyid before using the value as part of a...

thinkphp-zcms SQL注入漏洞

thinkphp-zcms is open source based on thinkphp3.2 development of a cms system , more comprehensive features . thinkphp-zcms There is a SQL injection vulnerability , an attacker can use the vulnerability through index.php?m=home&c=message&a=add to execute arbitrary SQL commands...

CVE-2021-24550

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue...

Vulnerabilities fixed in IBM Db2

IBM has fixed vulnerabilities in Db2. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. To do this, a rogue database query on the database server to be executed. IBM has released updates to fix the vulnerabilities. For more information, see:...

CASAP Automated Enrollment SQL注入漏洞

CASAP Automated Enrollment is an automated enrollment system for the CASAP organization. The goal of this project is to provide CASAP with an automated enrollment system to streamline the school's processes and make them more effective, efficient and easily retrievable. SourceCodester Alumni...

Metinfo MetInfo SQL注入漏洞

Metinfo MetInfo is a content management system CMS developed by China Metinfo using PHP and Mysql. A SQL injection vulnerability exists in MetInfo, which originates from the product's admin/?n=language&c=languageweb&a=doAddLanguage does not securely validate user input data, and can be exploited ...

CVE-2020-4902

IBM Datacap Taskmaster Capture IBM Datacap Navigator 9.1.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...

PT-2021-10735 · Unknown · Phpgurukul Hospital Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0 Description: The issue concerns a SQL injection vulnerability located in the hmsget doctor.php file. This vulnerability can be exploited by remote unauthenticated users to obtain sensitive...

WordPress 插件SQL注入漏洞

WordPress Plugin is an open source application plugin for WordPress. WP Statistics suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information about a database...

PT-2021-3413

Name of the Vulnerable Software and Affected Versions Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin versions prior to 5.153.4 Description The issue is related to the update log function in the lib/Cleantalk/ApbctWP/Firewall/SFW.php module, which does not properly protect the S...

Django SQL注入漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. An SQL injection vulnerability exists in Django Debug Toolbar, which can be exploited by an...

CVE-2020-7929

Removed by vendor...

Soar Cloud System SQL注入漏洞

Soar Cloud System is a HR system solution system developed by Soar. The Soar Cloud System HR portal suffers from a SQL injection vulnerability that stems from not filtering SQL injection statements, which allows a remote attacker to inject SQL syntax and obtain all data in the database without...

LibreNMS SQL注入漏洞

Librenms is an open source network monitoring system based on PHP and MySQL from the Librenms community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A SQL injection vulnerability exists in LibreNMS versions prior to 21.1.0, which...