Lucene search

1384 matches found

ATTACKERKB
added 2024/11/22 8:15 p.m., 0 views

CVE-2023-52335

Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exist...

CVSS 7.5, AI score 5.9, EPSS 0.01271
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2024/11/22 12:0 a.m., 4 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9, AI score 7.6, EPSS 0.01667
Exploits 0, References 5
CNNVD
added 2024/11/14 12:0 a.m., 1 views

SourceCodester Best Employee Management System security vulnerability

SourceCodester Best Employee Management System is a SourceCodester open source employee management system. A security vulnerability exists in SourceCodester Best Employee Management System version 1.0, which originates from an SQL injection vulnerability in the id parameter of the...

CVSS 7.2, AI score 5.8, EPSS 0.00512
Exploits 1, References 1
Positive Technologies
added 2024/11/07 12:0 a.m., 4 views

PT-2024-16683 · Sourcecodester · Sourcecodester Online Veterinary Appointment System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Veterinary Appointment System version 1.0 Description: A critical vulnerability was found in the SourceCodester Online Veterinary Appointment System. This issue affects the file /admin/services/view service.php, where th...

CVSS 8.8, AI score 7.2, EPSS 0.00518
Exploits 1, References 11
Patchstack
added 2024/10/31 3:20 p.m., 5 views

WordPress WP EIS plugin <= 1.3.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WP EIS versions <= 1.3.3...

CVSS 8.5, AI score 8.1, EPSS 0.00375
Exploits 0, Affected Software 1
BDU FSTEC
added 2024/10/30 12:0 a.m., 4 views

The vulnerability of the EdOnline EMS system allows a perpetrator to disclose protected information.

The vulnerability of the EdOnline EMS educational process management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

CVSS 9.9, AI score 5.6
Exploits 0, Affected Software 1
Positive Technologies
added 2024/10/14 12:0 a.m., 6 views

PT-2024-33055 · Wavelog · Wavelog

Name of the Vulnerable Software and Affected Versions: Wavelog version 1.8.5 Description: The issue allows SQL injection via the band, sat, propagation, or mode variables in the get band confirmed function of Gridmap model.php. This can potentially lead to unauthorized access or manipulation of...

CVSS 7.3, AI score 7.9, EPSS 0.00416
Exploits 1, References 10
OSV
added 2024/10/10 6:15 a.m., 3 views

CVE-2024-9156

The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries...

CVSS 7.5, AI score 5.9, EPSS 0.00391
Exploits 1, References 1
OSV
added 2024/10/03 11:15 p.m., 3 views

CVE-2024-42417

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script HandlerCFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product...

CVSS 8.8, AI score 5.8, EPSS 0.06585
Exploits 0, References 2
CNNVD
added 2024/09/25 12:0 a.m., 5 views

WordPress plugin The Events Calendar SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...

CVSS 9.8, AI score 7.2, EPSS 0.49709
Exploits 1, References 5
CNNVD
added 2024/09/22 12:0 a.m., 3 views

SourceCodester Modern Loan Management System SQL injection vulnerability

SourceCodester Modern Loan Management System is a modern loan management system from SourceCodester open source. A SQL injection vulnerability exists in SourceCodester Modern Loan Management System version 1.0, which stems from an incorrect operation of the parameter searchMember that can result ...

CVSS 9.8, AI score 7.2, EPSS 0.00543
Exploits 1, References 2
CNNVD
added 2024/09/20 12:0 a.m., 2 views

SEMCMS security vulnerability

SEMCMS is a foreign trade web content management system CMS that supports multiple languages. A SQL injection vulnerability exists in SEMCMS version 4.8, which originates from the lack of validation of external SQL statements in SEMCMSMain.php. An attacker can exploit this vulnerability to execut...

CVSS 9.8, AI score 8.2, EPSS 0.00496
Exploits 1, References 2
Positive Technologies
added 2024/09/10 12:0 a.m., 3 views

PT-2024-7376 · Unknown · Edonline Ems

Name of the Vulnerable Software and Affected Versions: EdOnline EMS affected versions not specified Description: The issue is related to the lack of protection for the SQL query structure in EdOnline EMS, which could allow a remote attacker to disclose protected information. Recommendations: At t...

CVSS 9, AI score 7.5
Exploits 0, References 1
Positive Technologies
added 2024/09/10 12:0 a.m., 4 views

PT-2024-13441 · Undefined · Undefined

SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...

AI score 8.7
Exploits 0, References 1
OSV
added 2024/09/08 6:15 a.m., 2 views

CVE-2024-6924

The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVSS 9.8, AI score 5.9, EPSS 0.03292
Exploits 1, References 1
Positive Technologies
added 2024/09/05 12:0 a.m., 4 views

PT-2024-39032 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: JobPortal affected versions not specified Description: The issue is related to a SQL injection vulnerability. An attacker could send a specially designed query through the user id parameter in the "/jobportal/admin/user/controller.php" endpoi...

CVSS 9.8, AI score 7.2, EPSS 0.00464
Exploits 1, References 10
Packet Storm
added 2024/08/31 12:0 a.m., 378 views

Lansweeper Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lansweeper Credential Collector', 'Description' = %q Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL databas...

AI score 7.4
Exploits 0
CNNVD
added 2024/08/29 12:0 a.m., 2 views

WordPress plugin Propovoice Pro SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 9.8, AI score 7.7, EPSS 0.00458
Exploits 0, References 2
CNNVD
added 2024/08/27 12:0 a.m., 1 views

SourceCodester E-Commerce Website SQL injection vulnerability

SourceCodester E-Commerce Website is a SourceCodester open source application. A PHP e-commerce website project for bookstores. A SQL injection vulnerability exists in SourceCodester E-Commerce Website version 1.0, which stems from the manipulation of the parameter fname in the file...

CVSS 9.8, AI score 7.9, EPSS 0.00739
Exploits 1, References 6
OSV
added 2024/08/21 6:15 a.m., 2 views

CVE-2024-7651

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVSS 7.5, AI score 5.8
Exploits 0, References 2