The vulnerability of the RequestHandlers.js LoginAuth function in the software for router configuration by MilesightVPN allows a hacker to bypass the authentication process.

The vulnerability of the RequestHandlers.js LoginAuth function in the MilesightVPN software’s router configuration relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...

PT-2023-27750 · Qsige · Qsige

Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The QSige statistics are affected by a remote SQL injection vulnerability. The web application does not correctly filter input parameters, allowing SQL injections, Denial of Service DoS, or...

DedeBIZ SQL Injection Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A SQL injection vulnerability exists in DedeBIZ version 6.2, which stems from the fact that incorrect manipulation of the parameter ids can lead to sql injection...

CVE-2023-44047

Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection...

PT-2023-31400 · Infinitietech · Infinitietech Taskhub

Name of the Vulnerable Software and Affected Versions: infinitietech taskhub version 2.8.7 Description: A critical issue has been found in the GET Parameter Handler component, specifically affecting the /home/get tasks list file. The manipulation of the project/status/user id/sort/search argument...

PT-2023-30110 · Unknown · Saphira Connect

Name of the Vulnerable Software and Affected Versions: Saphira Connect versions prior to 9 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

PT-2023-27712 · Unknown · Schoolmate

Name of the Vulnerable Software and Affected Versions: Schoolmate version 1.3 Description: The issue concerns SQL Injection in the schoolname variable from the Database, located at header.php. This allows for potential exploitation. Recommendations: For Schoolmate version 1.3, consider restrictin...

SUSE CVE-2023-39361

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

PT-2023-4916 · Unknown · Super Store Finder

Name of the Vulnerable Software and Affected Versions: Super Store Finder version 3.6 Description: The issue is related to a lack of protection against SQL query structure exploitation, which can allow a remote attacker to gain access to the administration panel. The store locator component is...

ARDEREG Sistemas SCADA SQL Injection Vulnerability

ARDEREG Sistemas SCADA is a Supervisory Control and Data Acquisition SCADA system from ARDEREG, Inc. ARDEREG Sistemas SCADA suffers from a SQL injection vulnerability that originates from the login page being susceptible to SQL injection attacks...

CVE-2023-4556

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqliquery of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

PT-2023-29575 · Sourcecodester · Sourcecodester Online Graduate Tracer System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Graduate Tracer System version 1.0 Description: A critical issue was found, affecting the mysqli query function of the file sexit.php. The manipulation of the id argument leads to SQL injection. The attack can be launche...

Aruba Networks EdgeConnect SD-WAN Orchestrator SQL注入漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...

CVE-2023-39939

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it...

CVE-2022-48601

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48596

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48597

A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2022-48587

A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

PT-2023-15861 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 affected versions not specified Description: A SQL injection issue exists in the “reporting job editor” feature of the ScienceLogic SL1. This feature takes unsanitized user-controlled input and passes it directly to a SQL...

PT-2023-15868 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 affected versions not specified Description: A SQL injection issue exists in the "ticket queue watchers" feature of the ScienceLogic SL1. This feature takes unsanitized user-controlled input and passes it directly to a SQL...