63 matches found
Symfonia Ready_ SQL注入漏洞
Symfonia Ready is an operating system from Symfonia that builds programs for companies to use off-the-shelf modules and business applications. Symfonia Ready has an SQL injection vulnerability that stems from improper input cleanup in the Invoices module file search function, which could lead to ...
CVE-2024-8183
A CORS Cross-Origin Resource Sharing misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and...
CVE-2024-13844
The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
The vulnerability of the ‘c_only_fields’ parameter in the REST API endpoint /wp-json/learnpress/v1/courses of the LearnPress plugin for the WordPress content management system allows a hacker to execute arbitrary SQL code.
The vulnerability of the ‘conlyfields’ parameter in the REST API endpoint /wp-json/learnpress/v1/courses of the LearnPress plugin for the WordPress content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow a...
BIT-PHP-MIN-2023-0567 password_verify() always returns true for some invalid hashes
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
quarkus-core: Leak of local configuration properties into Quarkus applications
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
PHPGurukul Park Ticketing Management System 安全漏洞
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. The vulnerability can be exploited to execute arbitrary SQ...
TaskMatic 安全漏洞
TaskMatic is an automation assistant from TaskMatic. TaskMatic version 1.0 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
PT-2024-26889 · WordPress · Music Store
Name of the Vulnerable Software and Affected Versions: Music Store - WordPress eCommerce versions prior to 1.1.14 Description: A SQL injection issue allows a remote authenticated attacker with administrative privileges to execute arbitrary SQL commands, potentially obtaining or altering informati...
CVE-2024-27941
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...
PT-2024-25245
Name of the Vulnerable Software and Affected Versions The Timetable and Event Schedule by MotoPress plugin for WordPress versions up to, and including, 2.4.11 Description The issue arises from insufficient escaping on the user-supplied events attribute of the mp-timetable shortcode and lack of...
Form Tools SQL注入漏洞
Form Tools is an open source codebase for Form Tools scripts, modules, themes and APIs. A SQL injection vulnerability exists in Form Tools version 3.1.1, which originates from allowing an attacker to run arbitrary SQL commands via keyword while searching for clients...
Low: redis6
Issue Overview: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time,...
EasyEASM - Zero-dollar Attack Surface Management Tool
Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...
PT-2023-29425 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the total parameter of the "update.php" resource does not validate the characters received, and they are sent...
Projectworlds Leave Management System Project SQL Injection Vulnerability
Projectworlds Leave Management System Project is a leave management system project by Projectworlds India. A SQL injection vulnerability exists in Projectworlds Leave Management System Project v1.0, which stems from the "setearnleave" parameter of admin/setleaves.php not validating incoming...
PT-2023-28093 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to an Uncontrolled Search Path Element vulnerability, which allows for Leveraging/Manipulating Configuration File Search Paths. This vulnerability enables access to the...
PT-2023-29518 · Unknown · Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The Online Food Ordering System is affected by multiple Unauthenticated SQL Injection vulnerabilities. The issue arises from the phone parameter of the "routers/register-router.php" resourc...
CVE-2023-43739
The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-29134 · Online Movie Ticket Booking System +1 · Online Movie Ticket Booking System
Name of the Vulnerable Software and Affected Versions: process login.php affected versions not specified Description: The issue is related to the 'Email' parameter of the process login.php resource, which does not validate the characters received, sending them unfiltered to the database...