98 matches found
CVE-2024-24140
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'...
CVE-2023-27859
IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID:...
CVE-2023-6567 LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Online Food Ordering System SQL Injection Vulnerability
Online Food Ordering System is an online food ordering system by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Online Food Ordering System v1.0, which is caused by insufficient filtering of the deleted parameter on the routers/user-router.php page, resulting in a SQ...
Database Ransomware: From Attack to Recovery
Introduction: In recent years, ransomware attacks have risen sharply, due to their profitability, ease of access with ransomware-as-a-service (RaaS) tools, and an increasing attack surface. Ransomware is a type of attack in which the attacker locks and encrypts a victim’s data and then demands a...
SourceCodester Simple Book Catalog App SQL Injection Vulnerability
Simple Book Catalog App is a simple book catalog application by the individual developer Remy Andrade. A SQL injection vulnerability exists in SourceCodester Simple Book Catalog App version 1.0, which stems from an unknown function in the file deletebook.php that causes a SQL injection via the...
Aruba Networks EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...
Tution Management System SQL Injection Vulnerability
Tution Management System is a tuition management system. A SQL injection vulnerability exists in tanujpatra228 Tution Management System TMS via the email parameter of processes/studentlogin.process.php...
ToN-MasterServer SQL Injection Vulnerability
A SQL injection vulnerability exists in ToN-MasterServer. An attacker could exploit this vulnerability to perform a SQL injection attack...
CVE-2022-3850 Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack...
Wodat - Windows Oracle Database Attack Toolkit
Simple port of the popular Oracle Database Attack Tool ODAT (https://github.com/quentinhardy/odat) to C# .NET Framework. Credit to https://github.com/quentinhardy/odat, as much of the functionality is ported from his code. Perform password based attacks e.g. username as password, username list again...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation by the individual developer King Albaracin. A security vulnerability exists in the v1.0 version of Library Management System due to an SQL injection issue in the ok parameter of the...
Project-nexus SQL Injection Vulnerability
Project-nexus is a generalized blog site by the individual developer Vineeth B V in India. Project-nexus suffers from an SQL injection vulnerability that stems from its insensitivity to user input...
Online Car Wash Booking System SQL Injection Vulnerability
Online Car Wash Booking System is an online car wash booking system by Carlo Montero, an individual developer. Version v1.0 of Online Car Wash Booking System is vulnerable to SQL injection, which arises because the /ocwbs/admin/?page=bookings/viewdetails&id= page lacks validation of external input SQL...
Wedding Management System SQL Injection Vulnerability
Wedding Management System is a wedding planning management system by John Paul Lim Gabule. Version v1.0 of Wedding Management System is vulnerable to SQL injection, which arises because the /Wedding-Management/admin/blogeventsedit.php?id=31 page lacks validation of external input SQL statements, which can ...
CVE-2022-29687
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/leveldel...
CVE-2022-30054
In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks...
CVE-2022-30415
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/updatestatus.php?id=...
WordPress SQL Injection Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in the WordPress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the processbulkaction functi...
CVE-2021-45252
CVE-2021-45252 affects Simple Forum-Discussion System 1.0 with SQL injection vulnerabilities in the manage_topic.php, manage_user.php, and ajax.php components. Root cause: lack of input validation allowing arbitrary SQL execution, enabling an attacker to retrieve potentially all database data. Im...