
1135 matches found

CNNVD
added 2024/12/27 12:0 a.m. · 0 views

Smarts Smart Agent Security Vulnerability

Smarts Smart Agent is a powerful, flexible and scalable tool from Smarts for monitoring wireless network performance and services from the end user's perspective. An SQL injection vulnerability exists in Smarts Smart Agent v1.1.0, which stems from a lack of validation of externally entered SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.005
Exploits: 1 · References: 2
CNVD
added 2024/12/25 12:0 a.m. · 13 views

Apache Traffic Control SQL Injection Vulnerability

Apache Traffic Control is a set of distributed, scalable content delivery solutions from the Apache Foundation (United States). The product is mainly used to build large-scale content delivery networks. Apache Traffic Control suffers from a SQL injection vulnerability that stems from a lack of...

CVSS 9.9 · AI score 9.8 · EPSS 0.41841
Exploits: 0 · References: 1
CNVD
added 2024/12/20 12:0 a.m. · 8 views

Dell Avamar SQL Injection Vulnerability (CNVD-2024-49614)

Dell Avamar is a purpose-built backup application from Dell, Inc. It is designed to provide a conveniently sized, turnkey, affordable, deduplicated backup solution. Dell Avamar suffers from a SQL injection vulnerability that arises from an improper neutralization of special elements used in SQL...

CVSS 8.8 · AI score 7.9 · EPSS 0.00421
Exploits: 0 · References: 1
CNVD
added 2024/12/13 12:0 a.m. · 2 views

JetBrains YouTrack Information Disclosure Vulnerability

JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain database data...

CVSS 6.5 · AI score 5.6 · EPSS 0.0035
Exploits: 0 · References: 1
OSV
added 2024/12/10 8:15 p.m. · 3 views

CVE-2024-51165

SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

CVSS 7.5 · AI score 5.9 · EPSS 0.00579
Exploits: 1 · References: 2
CNNVD
added 2024/12/10 12:0 a.m. · 2 views

JEPaaS Security Vulnerability

JEPaaS is a rapid development platform from China's Kate Weiye JEPaaS. A security vulnerability exists in JEPaaS version 7.2.8. An attacker exploiting the vulnerability can retrieve all information stored in the database...

CVSS 7.5 · AI score 6.4 · EPSS 0.00579
Exploits: 1 · References: 2
CNNVD
added 2024/12/04 12:0 a.m. · 4 views

JetBrains YouTrack Security Vulnerability

JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain database data...

CVSS 6.5 · AI score 5.9 · EPSS 0.0035
Exploits: 0 · References: 1
CNNVD
added 2024/11/28 12:0 a.m. · 1 views

Code-Projects Responsive Hotel Site Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter troom of file /admin/room.php. An attacker can exploit this vulnerability to execute...

CVSS 8.8 · AI score 8.1 · EPSS 0.00633
Exploits: 1 · References: 5
CNNVD
added 2024/11/25 12:0 a.m. · 3 views

Devolutions Remote Desktop Manager Security Vulnerability

Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2024.3.17 and prior versions, which stems from incorrect authentication in SQL data...

CVSS 5.4 · AI score 7.7 · EPSS 0.00503
Exploits: 0 · References: 1
CNNVD
added 2024/11/15 12:0 a.m. · 1 views

Code-Projects Inventory Management System Injection Vulnerability

Inventory Management is an inventory management system. Inventory Management suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the id parameter of the /model/editProduct.php file. An attacker can exploit this vulnerability to...

CVSS 9.8 · AI score 8.1 · EPSS 0.00696
Exploits: 1 · References: 5
CNVD
added 2024/11/13 12:0 a.m. · 5 views

Moodle SQL Injection Vulnerability (CNVD-2024-44850)

Moodle is an open-source suite of free e-learning platform software, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements i...

CVSS 7.2 · AI score 7.7 · EPSS 0.00646
Exploits: 0 · References: 1
OSV
added 2024/09/18 6:15 a.m. · 3 views

CVE-2024-42404

SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database...

CVSS 8.8 · AI score 5.9 · EPSS 0.00468
Exploits: 0 · References: 2
Positive Technologies
added 2024/08/29 12:0 a.m. · 3 views

PT-2024-38944 · Gether Technology · 6Shr System

Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology, affected versions not specified.
Description: The 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL...

CVSS 8.8 · AI score 7.9 · EPSS 0.00595
Exploits: 0 · References: 11
CNNVD
added 2024/08/29 12:0 a.m. · 1 views

SportsNET SQL Injection Vulnerability

SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...

CVSS 9.8 · AI score 7.7 · EPSS 0.00408
Exploits: 0 · References: 2
CNVD
added 2024/08/23 12:0 a.m. · 5 views

Kashipara Music Management System SQL Injection Vulnerability

Kashipara Music Management System is a music management system from Kashipara. A SQL injection vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of validation of the "id" parameter of /music/viewuser.php against external SQL input, and can be exploited...

CVSS 8.8 · AI score 7.9 · EPSS 0.00569
Exploits: 1 · References: 1
CNVD
added 2024/08/23 12:0 a.m. · 4 views

Kashipara Music Management System SQL Injection Vulnerability (CNVD-2024-37435)

Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the search parameter of /music/ajax.php?action=findmusic against external SQL input,...

CVSS 9.8 · AI score 7.8 · EPSS 0.00445
Exploits: 1 · References: 1
CNNVD
added 2024/08/20 12:0 a.m. · 4 views

WordPress plugin Contact Form by Bit Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

CVSS 7.2 · AI score 6.2 · EPSS 0.00452
Exploits: 0 · References: 3
OSV
added 2024/08/02 4:17 a.m. · 2 views

CVE-2024-38482

CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive...

CVSS 7.2 · AI score 5.9 · EPSS 0.00372
Exploits: 0 · References: 1
CNVD
added 2024/07/19 12:0 a.m. · 6 views

Mini-Tmall SQL Injection Vulnerability

Mini-Tmall is a Spring Boot-based mini-Tmall mall, quick to deploy and run, suitable for use as a bijou template. A SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

CVSS 7.3 · AI score 7.8 · EPSS 0.00257
Exploits: 0 · References: 1
CNVD
added 2024/07/19 12:0 a.m. · 5 views

Computer Laboratory Management System SQL Injection Vulnerability

Computer Laboratory Management System is a computerized laboratory management system. A SQL injection vulnerability exists in Computer Laboratory Management System version 1.0 due to a lack of validation of externally entered SQL statements in the parameter id. An attacker can exploit this...

CVSS 9.8 · AI score 7.9 · EPSS 0.09753
Exploits: 1 · References: 1