Code-Projects Chat System Injection Vulnerability
Chat System is a chat system. Chat System has a SQL injection vulnerability that stems from a lack of sufficient input validation and cleanup of the parameter user in the file /user/addnewmember.php. An attacker could exploit this vulnerability to cause database information to be disclosed or...
CVE-2024-48761
Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter...
CVE-2025-0754
The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...
EsafeNet CDG Security Vulnerability
EsafeNet CDG is a document security management system from EsafeNet. A security vulnerability exists in EsafeNet CDG version V5, which originates from the parameter id of the file /contenttop.jsp that can lead to SQL injection...
CVE-2024-57095
SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload...
PT-2025-2632 · Ibm · Bigfix Patch Download Plug-Ins
Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins affected versions not specified Description: The issue is related to an insecure package in BigFix Patch Download Plug-ins that is susceptible to XML injection attacks. This allows an attacker to inject maliciou...
PT-2025-3427 · Unknown · Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: A SQL Injection issue exists in the login form of the system. The issue arises because the input fields username and password are not properly sanitized, allowing attackers to inject...
CVE-2024-56841
A vulnerability has been identified in Mendix LDAP All versions V1.1.2. Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification...
Cross-Site Scripting (XSS)
netcarver/textile is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-controllable href input in image links when running the parser in restricted mode, allowing an attacker to inject malicious JavaScript code into image links, which is executed wh...
code-projects Online Shoe Store Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the id parameter in the /details.php page that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal S...
Landray EIS Security Vulnerability
Landray EIS is a comprehensive intelligent collaboration platform from the Chinese company Landray. A security vulnerability exists in Landray EIS versions 2001 through 2006 that stems from vulnerability to SQL injection attacks...
CVE-2024-22063 ZTE ZENIC ONE R58 product has a CSV injection vulnerability
The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices...
PT-2024-17865 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical issue was found in the 1000 Projects Attendance Tracking Management System. This issue affects the file /admin/attendance action.php and is related to the...
CVE-2024-12934
A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument pdesk leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
Codezips Project Management System Injection Vulnerability
Codezips Project Management System is a project management system that provides project management, task assignment and other features. A SQL injection vulnerability exists in the /pages/forms/advanced.php file in Codezips Project Management System version 1.0, which stems from insufficient...
CVE-2024-12898
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/facultyaction.php. The manipulation of the argument facultycourseid leads to sql injection. The attack can be initiate...
PT-2024-36674 · Vibebp · Vibebp
Name of the Vulnerable Software and Affected Versions: VibeBP versions prior to 1.9.9.7.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
RTI Connext Professional Security Vulnerability
RTI Connext Professional is a connectivity platform from RTI USA designed to meet the demanding requirements of the Industrial Internet of Things IIoT. A security vulnerability exists in RTI Connext Professional that stems from an improper neutralization of the particular element used, which can...
CVE-2024-11840
CVE-2024-11840 affects RapidLoad AI – Optimize Web Vitals Automatically (WordPress plugin) up to v2.4.2. It lacks capability checks on multiple functions (uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, pr...
GHSA-4V5X-9M47-CQR2 Duplicate Advisory: WildFly Elytron OpenID Connect Client Extension authorization code injection attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5565-3c98-g6jc. This link is maintained to preserve external references. Original Description A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the...