1135 matches found
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /AddressBook/addresspublicnew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
Online Book System index.php File SQL Injection Vulnerability
Online Book System is an online booking system. A SQL injection vulnerability exists in version 1.0 of Online Book System, which originates from a lack of validation of externally entered SQL statements in the username/password/loginusername/loginpassword parameters of the /index.php file. An...
Sentrifugo bunitname parameter SQL injection vulnerability
Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from the lack of validation of...
CVE-2024-2723 SQL injection vulnerability in the CIGESv2 system
SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query...
JFinalCMS SQL Injection Vulnerability (CNVD-2024-15735)
JFinalCMS is a content management system. JFinalCMS version 5.0.0 suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the file /admin/divdata/delete. An attacker can exploit this vulnerability to execute illegal SQL comman...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-2586
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
Scholars Tracking System SQL Injection Vulnerability (CNVD-2024-14047)
Scholars Tracking System is a scholars tracking system by the individual developer Fabian Ros. A SQL injection vulnerability exists in Scholars Tracking System version 1.0, which stems from a lack of validation of externally entered SQL statements when updating employment status information, and...
Customer Support System SQL Injection Vulnerability (CNVD-2024-14034)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that stems from a lac...
Customer Support System SQL Injection Vulnerability (CNVD-2024-14030)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...
AiLux imx6 Security Vulnerability
AiLux imx6 is a computing module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx61.0.7-2, which stems from the use of hard-coded credentials that allow an unauthenticated, remote attacker to access the database and all contained data...
Comarch ERP XL Security Vulnerability
Comarch ERP XL is an enterprise resource planning ERP software from Comarch Poland. A security vulnerability exists in Comarch ERP XL versions 2020.2.2 through 2023.2, which stems from the use of hard-coded passwords that could allow an attacker to retrieve embedded sensitive data stored in the...
Dell EMC Secure Connect Gateway SQL Injection Vulnerability
The Dell Secure Connect Gateway Application is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway Application suffers from a SQL injection vulnerability that can be exploited by an attacker to inject malicious content into the filters of the IP range Rest API, resulting...
Art Gallery Management System SQL Injection Vulnerability (CNVD-2024-05631)
Art Gallery Management System is an art gallery management system. Art Gallery Management System v1.1 suffers from a SQL injection vulnerability that originates from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...
Hospital Management System login.php File SQL Injection Vulnerability
A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version 1.0, which stems from a lack of validation of externally...
Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13489)
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in version 1.0 of the Kashipara Food Management System, which is caused by a lack of validation of externally-entered SQL statements in the itemtype parameter of the stockedit.php fil...
Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13480)
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the parameter itemype in the stockentrysubmit.php file for externally entered SQL...
Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13475)
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the partyname parameter of the partysubmit.php file against external SQL input, and can b...
Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13473)
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in version 1.0 of the Kashipara Food Management System, which is caused by a lack of validation of externally entered SQL statements in the password parameter of the loginCheck.php...
Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13471)
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the typename parameter of the itemtypesubmit.php file against externally-entered SQL...