
1385 matches found

ATTACKERKB
added 2022/06/13 1:15 p.m. | 6 views

CVE-2022-0786

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users...

9.8 CVSS | 5.6 AI score | 0.11226 EPSS
Exploits 2 | References 3
Prion
added 2022/06/13 1:15 p.m. | 16 views

SQL injection

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

6.5 CVSS | 7.3 AI score | 0.0124 EPSS
Exploits 2 | References 1 | Affected Software 1
CNNVD
added 2022/06/10 12:0 a.m. | 4 views

phplist SQL injection vulnerability

phplist is a suite of open source newsletter and email marketing software from the UK-based phplist. Version 3.2.6 of phplist contains a security vulnerability that can be exploited by attackers to conduct SQL injection attacks...

9.8 CVSS | 5.9 AI score | 0.00916 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2022/06/08 10:15 a.m. | 4 views

CVE-2022-1687

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection...

4 CVSS | 5.9 AI score | 0.00764 EPSS
Exploits 2 | References 3
ATTACKERKB
added 2022/06/02 4:15 p.m. | 3 views

CVE-2022-32008

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=...

7.2 CVSS | 7.2 AI score | 0.00946 EPSS
Exploits 1 | References 2
OSV
added 2022/06/02 2:15 p.m. | 3 views

CVE-2022-29659

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...

9.8 CVSS | 5.8 AI score | 0.019 EPSS
Exploits 1 | References 3
CNNVD
added 2022/06/02 12:0 a.m. | 3 views

Rescue Dispatch Management System SQL injection vulnerability

Rescue Dispatch Management System is a rescue dispatch management system by the individual developer Carlo Montero. Rescue Dispatch Management System v1.0 is vulnerable to SQL injection because the /rdms/classes/Master.php?f=deletereport page lacks validation of externally entered SQL...

9.8 CVSS | 5.9 AI score | 0.01081 EPSS
Exploits 1 | References 2
CNNVD
added 2022/06/02 12:0 a.m. | 3 views

Online Ordering System SQL injection vulnerability

Online Ordering System is a multi-store ordering system that can be used by any small business. Version 1.0 of Online Ordering System is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements on the admin/vieworders.php page, which...

9.8 CVSS | 6.1 AI score | 0.01081 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2022/05/26 2:15 p.m. | 0 views

CVE-2022-29688

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy...

7.2 CVSS | 6 AI score | 0.00896 EPSS
Exploits 1 | References 2
CNNVD
added 2022/05/26 12:0 a.m. | 3 views

Jfinal CMS SQL injection vulnerability

Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as its web framework, beetl as its template engine, MySQL as its database, and Bootstrap as its front-end framework. Jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...

9.8 CVSS | 5.9 AI score | 0.01011 EPSS
Exploits 1 | References 2
CNNVD
added 2022/05/26 12:0 a.m. | 4 views

Automotive Shop Management System SQL injection vulnerability

Automotive Shop Management System is an automotive shop management system. Version 1.0 of Automotive Shop Management System contains a security vulnerability that could be exploited to dump all database credentials and gain administrator access...

10 CVSS | 5.5 AI score | 0.02069 EPSS
Exploits 1 | References 2
WPVulnDB
added 2022/05/20 12:0 a.m. | 17 views

Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection

The plugin does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. PoC 1. Go to the All Export New Export screen in the WordPress admin. 2. Now click on Specific Post Type Posts. 3. Click now on Migrate...

7.2 CVSS | 1 AI score | 0.0124 EPSS
Exploits 2 | References 1 | Affected Software 1
OSV
added 2022/05/12 3:15 p.m. | 3 views

CVE-2022-29988

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete...

9.8 CVSS | 5.8 AI score | 0.01068 EPSS
Exploits 1 | References 1
OSV
added 2022/05/11 2:15 p.m. | 4 views

CVE-2022-29009

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication...

9.8 CVSS | 5.8 AI score | 0.21282 EPSS
Exploits 1 | References 2
CNNVD
added 2022/05/10 12:0 a.m. | 3 views

OpenMRS SQL injection vulnerability

OpenMRS is a medical records system from OpenMRS, Inc. A SQL injection vulnerability can be exploited via GET requests...

9.8 CVSS | 8.6 AI score | 0.01196 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2022/05/09 5:15 p.m. | 4 views

CVE-2022-0814

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections...

9.8 CVSS | 5.6 AI score | 0.08913 EPSS
Exploits 2 | References 3
OSV
added 2022/05/05 5:15 p.m. | 5 views

CVE-2022-28533

Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/viewdetails.php...

9.8 CVSS | 7.3 AI score | 0.01458 EPSS
Exploits 1 | References 1
CNNVD
added 2022/04/28 12:0 a.m. | 4 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. A SQL...

10 CVSS | 6.2 AI score | 0.19365 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2022/04/21 8:15 p.m. | 3 views

CVE-2022-28429

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=...

9.8 CVSS | 5.9 AI score | 0.01185 EPSS
Exploits 1 | References 2
CNNVD
added 2022/04/19 12:0 a.m. | 18 views

FormaLms SQL injection vulnerability

FormaLms is a learning management system built around the specific needs of corporate training. FormaLms versions prior to v.1.4.3 contain a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit this...

9.8 CVSS | 5.9 AI score | 0.01176 EPSS
Exploits 0 | References 4