24 matches found
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the start and end request parameters in CargoExport.php. An attacker can execute arbitrary SQL commands by submitting crafted input to the affected endpoint. Remediation: Upgrade mediawiki/cargo to version 3.8.4 or...
EUVD-2017-3651
Malware in sbrugna...
VulnCheck KEV: CVE-2021-24498
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...
PT-2024-34428 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/calendar of events.php page of the kashipara E-learning Management System Project. The vulnerability is exploitable via the...
CVE-2024-7936
A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferredreport.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely...
itsourcecode Project Expense Monitoring System SQL Injection Vulnerability
itsourcecode Project Expense Monitoring System is a project expense monitoring system from itsourcecode, Inc. A SQL injection vulnerability exists in itsourcecode Project Expense Monitoring System version 1.0, which stems from operations on the parameters start/end/employee that result in SQL...
CVE-2024-33960
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
PT-2024-25592 · Unknown · Janobe Paypal/Card Payment
Name of the Vulnerable Software and Affected Versions: Janobe PayPal/Card Payment version 1.0 Description: A SQL injection issue affects the payment system, allowing an attacker to send a specially crafted query to the server and retrieve stored information through the end parameter in the...
CVE-2024-3357
A vulnerability classified as problematic has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This affects an unknown part of the file admin/modreports/index.php. The manipulation of the argument end leads to cross site scripting. It is possible to initiate the...
Aplaya Beach Resort Online Reservation System SQL Injection Vulnerability
Aplaya Beach Resort Online Reservation System is the online room reservation system of Aplaya Beach Resort. SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 has a SQL injection vulnerability that originates from a SQL injection in the categ/end parameter of the...
Aplaya Beach Resort Online Reservation System Cross-Site Scripting Vulnerability
Aplaya Beach Resort Online Reservation System is the online room reservation system for Aplaya Beach Resort. A cross-site scripting vulnerability exists in SourceCodester Aplaya Beach Resort Online Reservation System version 1.0, which stems from a cross-site scripting vulnerability in the end...
CVE-2023-2100
A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument dateend leads to cross site scripting. The attack can be initiated remotely. T...
PT-2023-17789
Name of the Vulnerable Software and Affected Versions: SourceCodester Vehicle Service Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Vehicle Service Management System. This issue affects the file /admin/report/index.php and is triggered by the...
Sourcecodester Vehicle Service Management System Cross-Site Scripting Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project. A simple web application for automotive repair/service stores or businesses. A cross-site scripting vulnerability exists in SourceCodester Vehicle Service Management System version 1.0, which originates from unknown...
Faveo Helpdesk SQL Injection Vulnerability
Faveo Helpdesk is an open source ticketing system built by Faveo based on Laravel framework. A security vulnerability exists in Faveo Helpdesk versions 1.0 through 1.11.1, which stems from a controlled parameter passed from the front-end of the login box to the back-end, resulting in an SQL...
Event Management System SQL Injection Vulnerability
Event Management System is an event management system. A SQL injection vulnerability exists in Calendar Event Management System version 2.3.0, which can be exploited by an attacker to perform SQL injection via the start/end parameter...
PT-2023-16445 · Unknown · Calendar Event Management System
Name of the Vulnerable Software and Affected Versions: Calendar Event Management System version 2.3.0 Description: A critical issue was found in the system, affecting an unknown part. The manipulation of the start and end arguments leads to SQL injection. It is possible to initiate the attack...
CVE-2021-24498
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...
PT-2021-3991 · WordPress · Calendar Event Multi View
Name of the Vulnerable Software and Affected Versions: Calendar Event Multi View WordPress plugin versions prior to 1.4.01 Description: The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct cross-site scripting attacks. Specifically, the...
USVN Operating System Command Injection Vulnerability
USVN is a PHP-based software for configuring Subversion by the USVN team. A security vulnerability exists in versions prior to USVN 1.0.9 that allows remote code execution via shell metacharacters in the start-of-number or end-of-number parameter to lastthunderdredrequest aka...