PT-2023-25195

Name of the Vulnerable Software and Affected Versions a2 License Portal System versions prior to 1.48 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...

BA Gallery SQL Injection Vulnerability in Joomla!

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! BA Gallery that stems from improper neutralization of special elements, which can lead to SQL injection...

The vulnerability of the PHP platform pimcore, related to the lack of measures taken to protect the SQL query structure, allows attackers to carry out attacks based on SQL injections.

The vulnerability of the PHP platform pimcore is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

CVE-2023-38684

Discourse (open source forum software) is vulnerable in versions prior to 3.0.6 (stable) and 3.1.0.beta7 (beta/tests-passed) where multiple controller actions accept limit parameters without an upper bound, potentially enabling arbitrary users to generate expensive DB queries and exhaust server r...

The vulnerability of the clearAlertByIds function in the system for managing, diagnosing, and optimizing the operation of network devices. The ProSafe Network Management NMS300 allows a hacker to increase their privileges.

The vulnerability of the clearAlertByIds function in the system for managing, diagnosing, and optimizing network device operations is related to the lack of protection for the SQL query structure. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

Campcodes Beauty Salon Management System SQL注入漏洞

Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes. A SQL injection vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which originates from an unknown function in the file /admin/admin-profile.php that can lead to SQL injection...

Biltay Technology Scienta SQL注入漏洞

Biltay Technology Scienta is a mobile application from Biltay Technology designed for enterprise management. Biltay Technology Scienta suffers from a SQL injection vulnerability that stems from not properly neutralizing special elements. An attacker can exploit this vulnerability to inject...

DedeBIZ 跨站脚本漏洞

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A cross-site scripting vulnerability exists in DedeBIZ version 6.2.10, which originates from the presence of an unknown function in the file /admin/syssqlquery.php, resulting in cross-site scripting...

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

Bylancer QuickOrder SQL注入漏洞

Bylancer QuickOrder is a WhatsApp food ordering plugin from Bylancer. A SQL injection vulnerability exists in Bylancer QuickOrder version 6.3.7, which stems from the presence of an unknown function in the blog in the component GET Parameter Handler, which leads to sql injection via parameter s. T...

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to circumvent security restrictions, execute arbitrary SQL code, and gain unauthorized access to read, modify, or delete data.

The vulnerability of the software for processing and transmitting confidential data using Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to circumvent security restrictions...

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

UBUNTU-CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper cancellation of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...

PT-2023-11557 · Unknown · Joyplus-Cms

Name of the Vulnerable Software and Affected Versions: Joyplus-cms version 1.6.0 Description: A SQL injection issue allows a remote attacker to access sensitive information via the id parameter of the goodbad function. This enables unauthorized access to sensitive data. Recommendations: For...

PHPOK SQL注入漏洞

PHPOK is an enterprise building system that supports expansion. PHPOK v.5.4 suffers from a SQL injection vulnerability that originates from allowing remote attackers to obtain sensitive information via the userlist function in the framerwork/phpokcall.php file. No detailed vulnerability details a...

CVE-2023-2221

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...

JeecgBoot SQL注入漏洞

JeecgBoot is a Chinese Java low-code platform for enterprise web applications. A security vulnerability exists in JeecgBoot 3.5.1 and earlier versions, which stems from a SQL injection vulnerability in the component queryFilterTableDictInfo...

Agro-School Management System SQL注入漏洞

Agro-School Management System is an agricultural school management system. A SQL injection vulnerability exists in Agro-School Management System version 1.0, which stems from a problem with the file loaddata.php, where manipulation of the subject/course parameter can result in sql injection...

PT-2023-24185 · Code Projects · Agro-School Management System

Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue has been found in the Agro-School Management System, affecting some unknown functionality of the file loaddata.php. The manipulation of the subject/course...