Lucene search
K

38 matches found

EUVD
EUVD
added 2026/05/30 2:55 p.m.9 views

EUVD-2018-21932

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.13 views

EUVD-2018-21917

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25690

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

8.8CVSS6AI score0.00311EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/27 5:23 p.m.25 views

CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...

8.8CVSS0.00315EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/15 6:30 p.m.7 views

EUVD-2025-203388

A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...

6AI score0.00429EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-33632

Malicious code in bioql PyPI...

4.9CVSS6.4AI score0.00752EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-44372

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00454EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.5 views

MyBatis-Plus 安全漏洞

MyBatis-Plus is an open source toolkit from Baomidou. A security vulnerability exists in MyBatis-Plus versions prior to 3.5.6, which stems from the presence of a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain database information via Boolean blind injection...

5.4CVSS7.5AI score0.00374EPSS
Exploits0References4
NVD
NVD
added 2022/12/26 1:15 p.m.16 views

CVE-2022-4166

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive informati...

6.5CVSS0.00854EPSS
Exploits2References2
OSV
OSV
added 2022/06/30 5:15 p.m.3 views

CVE-2022-22494

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940...

5.3CVSS6.5AI score0.01457EPSS
Exploits0References2
CNVD
CNVD
added 2020/12/08 12:0 a.m.2 views

SQL Injection Vulnerability in SEACMS v10.9

Ocean Movie Management System SEACMS, Ocean CMS using php + mysql architecture, is a set of video point of view system designed for different needs of the webmasters and A SQL injection vulnerability exists in SEACMS v10.9, which can be exploited by attackers to obtain sensitive database...

7.9AI score
Exploits0
CNVD
CNVD
added 2020/08/26 12:0 a.m.1 views

YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-56375)

YouDianCMS set computer website, mobile website, micro letter, APP, small program in one, share space, data automatic synchronization, is the domestic open source five station one excellent solution. YouDianCMS has SQL injection vulnerability, attackers can use the vulnerability to obtain databas...

7.9AI score
Exploits0
CNVD
CNVD
added 2020/08/24 12:0 a.m.1 views

JeeSite of Jinan Zhuoyuan Software Co., Ltd. suffers from SQL injection vulnerability (CNVD-2020-57094)

JeeSite is an enterprise information technology development infrastructure platform , Java enterprise applications open source framework. JeeSite by Jinan Zhuoyuan Software Co., Ltd. suffers from a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive information i...

7.6AI score
Exploits0
CNVD
CNVD
added 2020/06/01 12:0 a.m.2 views

MKCMS suffers from SQL injection vulnerability (CNVD-2020-33189)

MKCMS is a film and television management system, support for independent modification, users can directly upload the server to generate a website platform, you can add the background to modify the project and so on. MKCMS SQL injection vulnerability, attackers can use the vulnerability to obtain...

8AI score
Exploits0
CNVD
CNVD
added 2020/05/19 12:0 a.m.2 views

SQL Injection Vulnerability in Ocean CMS Backend (CNVD-2020-33129)

Ocean CMS is a web content management system based on PHP+MYSQL architecture that can run across platforms. Ocean CMS has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

8AI score
Exploits0
CNVD
CNVD
added 2020/04/23 12:0 a.m.2 views

SQL Injection Vulnerability in Jinwei Smart Restaurant (CNVD-2020-31418)

Jinwei Smart Restaurant is a free restaurant management software. It is suitable for all kinds of large and small restaurants, as well as fast food, Chinese food, western food, hot pot restaurant and other kinds of catering business. Jinwei Intelligent Restaurant has a SQL injection vulnerability...

8.1AI score
Exploits0
CNVD
CNVD
added 2020/02/27 12:0 a.m.2 views

SQL injection vulnerability in Kaiping Lianke Network Technology website building system

Kaiping Lianke Network was founded in 2005, is a main website construction, website promotion, speedy software, bathroom ERP management software, micro letter marketing company. SQL injection exists in Kaiping Lianke Network Technology website building system. Attackers can use this vulnerability...

7.6AI score
Exploits0
CNVD
CNVD
added 2020/01/27 12:0 a.m.1 views

SQL Injection Vulnerability in uqcms Cloud Business System

UQCMS cloud business system is a B2B2C e-commerce software with the program using PHP+MYSQL and the template using smarty template. UQCMS cloud business system ca.class.php page SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2019/12/09 12:0 a.m.2 views

ZZZphp sa***.php page sl*** parameter has SQL injection vulnerability

zzphp is a PHP and MYSQL based on free open source building system . ZZZphp sa.php page sl parameters exist SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...

8AI score
Exploits0
CNVD
CNVD
added 2019/12/07 12:0 a.m.2 views

SQL injection vulnerability in emlog backend na***.php page

Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. SQL injection vulnerability exists in the background na.php page of emlog, which can be exploited by attackers to obtain sensitive database information...

7.9AI score
Exploits0
Rows per page
Query Builder