CVE-2024-7780

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and la...

Hertzbeat 安全漏洞

Hertzbeat is an open source real-time monitoring system. A SQL injection vulnerability exists in Hertzbeat versions prior to 1.6.0 that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands ...

PT-2024-38414 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.9.3 Description: The issue is related to time-based SQL Injection via the order parameter due to insufficient escaping on the user-supplied parameter and lack of sufficien...

PT-2024-38292 · Sourcecodester · Sourcecodester Tracking Monitoring Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Tracking Monitoring Management System version 1.0 Description: A critical issue was found in the system, affecting the /ajax.php?action=save establishment file. The manipulation of the id argument leads to SQL injection. The...

CVE-2024-39304 ChurchCRM SQL Injection Vulnerability

ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQ...

The vulnerability of the templateadd.php file in the Tailoring Management System allows a malicious individual to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.

The vulnerability of the templateadd.php file in the Tailoring Management System relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code, gain unauthorized access to read, modify, ...

PT-2024-37839 · Aguardnet · Aguardnet'S Space Management System

Name of the Vulnerable Software and Affected Versions: AguardNet's Space Management System affected versions not specified Description: The issue allows unauthenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents due to improper...

CVE-2024-39027

SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked...

The vulnerability of the query_utask_verbose function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and power source management system allows a perpetrator to disclose protected information.

The vulnerability of the queryutaskverbose function in the MCUDBHelper component of the PowerPanel Enterprise monitoring and power management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to disclose sensitive...

WordPress plugin UsersWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

The vulnerability of the ThinServer component of the Rockwell Automation ThinManager application management platform allows a attacker to execute arbitrary code.

The vulnerability of the ThinServer component of Rockwell Automation’s centralized application management platform, ThinManager, relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SQL query...

CVE-2024-6218

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The...

CVE-2024-5605

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mlatagcloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

WordPress plugin Youzify security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

The vulnerability of the IT service management web component Ivanti Neurons for ITSM allows a malicious actor to read, modify, delete arbitrary files, and cause service failures.

The vulnerability of the IT service management web component Ivanti Neurons for ITSM is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to remotely read, modify, or delete arbitrary files, as well as cause a service failure...

The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVE-2024-5329

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to blind SQL Injection via the ‘dataaddonID’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

Campcodes Complete Web-Based School Management System 安全漏洞

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the id...

The vulnerability of the Ivanti EPM 2022 SU5 endpoint management software lies in its lack of measures to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Ivanti EPM 2022 SU5 endpoint management software exists due to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially...

The vulnerability of the built-in server of the medical image and data management system Sante PACS Server PG allows a hacker to execute arbitrary codes.

The vulnerability in the embedded DICOM server of the medical image and data management system Sante PACS Server PG is related to the lack of measures taken to protect the SQL query structure when processing the NAME parameter of a patient record. Exploiting this vulnerability allows an attacker ...