Lucene search
+L

63 matches found

cnnvd
cnnvd
added 2025/04/16 12:0 a.m.6 views

Symfonia Ready_ SQL注入漏洞

Symfonia Ready is an operating system from Symfonia that builds programs for companies to use off-the-shelf modules and business applications. Symfonia Ready has an SQL injection vulnerability that stems from improper input cleanup in the Invoices module file search function, which could lead to ...

9.4CVSS7.6AI score0.00915EPSS
Exploits0References3
nvd
nvd
added 2025/03/20 10:15 a.m.4 views

CVE-2024-8183

A CORS Cross-Origin Resource Sharing misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and...

7.6CVSS0.00168EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/03/10 6:47 a.m.18 views

CVE-2024-13844

The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the ‘columns’ parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9CVSS7.6AI score0.00368EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2025/02/18 12:0 a.m.8 views

The vulnerability of the ‘c_only_fields’ parameter in the REST API endpoint /wp-json/learnpress/v1/courses of the LearnPress plugin for the WordPress content management system allows a hacker to execute arbitrary SQL code.

The vulnerability of the ‘conlyfields’ parameter in the REST API endpoint /wp-json/learnpress/v1/courses of the LearnPress plugin for the WordPress content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow a...

10CVSS8.2AI score0.63134EPSS
Exploits6References3Affected Software1
osv
osv
added 2025/01/14 7:21 p.m.14 views

BIT-PHP-MIN-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS6.8AI score0.00944EPSS
Exploits1References4
redhat
redhat
added 2024/12/12 8:0 p.m.4 views

quarkus-core: Leak of local configuration properties into Quarkus applications

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...

7CVSS7.1AI score0.00286EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/12/12 12:0 a.m.4 views

PHPGurukul Park Ticketing Management System 安全漏洞

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. The vulnerability can be exploited to execute arbitrary SQ...

9.8CVSS8.5AI score0.00613EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/10/11 12:0 a.m.4 views

TaskMatic 安全漏洞

TaskMatic is an automation assistant from TaskMatic. TaskMatic version 1.0 suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

8.8CVSS8.2AI score0.0065EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/06/06 12:0 a.m.7 views

PT-2024-26889 · WordPress · Music Store

Name of the Vulnerable Software and Affected Versions: Music Store - WordPress eCommerce versions prior to 1.1.14 Description: A SQL injection issue allows a remote authenticated attacker with administrative privileges to execute arbitrary SQL commands, potentially obtaining or altering informati...

6.5CVSS8.1AI score0.00519EPSS
Exploits0References9
osv
osv
added 2024/05/14 4:16 p.m.3 views

CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could use this vulnerability to compromise the whole database...

8.8CVSS5.8AI score0.00781EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/04/27 12:0 a.m.10 views

PT-2024-25245

Name of the Vulnerable Software and Affected Versions The Timetable and Event Schedule by MotoPress plugin for WordPress versions up to, and including, 2.4.11 Description The issue arises from insufficient escaping on the user-supplied events attribute of the mp-timetable shortcode and lack of...

9.9CVSS6.8AI score0.00561EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/04/11 12:0 a.m.7 views

Form Tools SQL注入漏洞

Form Tools is an open source codebase for Form Tools scripts, modules, themes and APIs. A SQL injection vulnerability exists in Form Tools version 3.1.1, which originates from allowing an attacker to run arbitrary SQL commands via keyword while searching for clients...

8.1CVSS8.2AI score0.00541EPSS
Exploits1References2
amazon
amazon
added 2024/02/06 12:0 a.m.5 views

Low: redis6

Issue Overview: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time,...

3.6CVSS8AI score0.00444EPSS
Exploits0
kitploit
kitploit
added 2024/01/14 11:30 a.m.48 views

EasyEASM - Zero-dollar Attack Surface Management Tool

Zero-dollar attack surface management tool featured at Black Hat Arsenal 2023 and Recon Village @ DEF CON 2023. Description Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets. The industry is dominated by $30k vendors selling...

7AI score
Exploits0References2
ptsecurity
ptsecurity
added 2023/12/28 12:0 a.m.6 views

PT-2023-29425 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the total parameter of the "update.php" resource does not validate the characters received, and they are sent...

8AI score
Exploits0References3
cnnvd
cnnvd
added 2023/12/21 12:0 a.m.4 views

Projectworlds Leave Management System Project SQL Injection Vulnerability

Projectworlds Leave Management System Project is a leave management system project by Projectworlds India. A SQL injection vulnerability exists in Projectworlds Leave Management System Project v1.0, which stems from the "setearnleave" parameter of admin/setleaves.php not validating incoming...

8.8CVSS7.9AI score0.00646EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/11/23 12:0 a.m.6 views

PT-2023-28093 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to an Uncontrolled Search Path Element vulnerability, which allows for Leveraging/Manipulating Configuration File Search Paths. This vulnerability enables access to the...

9.8CVSS9AI score0.00573EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/11/02 12:0 a.m.4 views

PT-2023-29518 · Unknown · Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The Online Food Ordering System is affected by multiple Unauthenticated SQL Injection vulnerabilities. The issue arises from the phone parameter of the "routers/register-router.php" resourc...

9.8CVSS9.7AI score0.007EPSS
Exploits1References7
osv
osv
added 2023/09/28 10:15 p.m.2 views

CVE-2023-43739

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.00805EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/09/28 12:0 a.m.4 views

PT-2023-29134 · Online Movie Ticket Booking System +1 · Online Movie Ticket Booking System

Name of the Vulnerable Software and Affected Versions: process login.php affected versions not specified Description: The issue is related to the 'Email' parameter of the process login.php resource, which does not validate the characters received, sending them unfiltered to the database...

9.8CVSS9.2AI score0.00805EPSS
Exploits1References8
Rows per page
Query Builder