PT-2024-23703 · Unknown · Phpgurukul Cyber Cafe Management System
Name of the Vulnerable Software and Affected Versions: phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the editid variable in the "/edit-computer-detail.php" API endpoint. This enables attackers to...
Tianwell Fire Intelligent Command Platform security vulnerability
Tianwell Fire Intelligent Command Platform is a firefighting intelligent command platform from Tianwell, China. A security vulnerability exists in Tianwell Fire Intelligent Command Platform version 1.1.1.1, which stems from an incorrect operation of the parameter gsdwid that can lead to SQL...
CVE-2024-2342
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2023-44038
In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
USN-6720-1 cacti vulnerability
Kentaro Kawane discovered that Cacti incorrectly handled user provided input sent through request parameters to the graphview.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks...
NetentSec NS-ASG security vulnerability
NetentSec NS-ASG is an application security gateway from China NetentSec. A security vulnerability exists in NetentSec NS-ASG version 6.3, which originates from an SQL injection vulnerability in the /admin/editvirtualsiteinfo.php file...
PT-2024-19049 · Zoho · Zoho Manageengine Exchange Reporter Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Exchange Reporter Plus versions 5714 and below Description: The issue is related to an Authenticated SQL injection in the report exporting feature. Recommendations: For Zoho ManageEngine Exchange Reporter Plus versions 5714...
PT-2024-1657 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code Execution vulnerability was found in the SolarWinds Platform, which can be exploited using a create statement. This issue requires user...
Raven - CI/CD Security Analyzer
RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. Developed and maintained by the Cycode research team. With Raven, we were able to identify...
[SECURITY] [DLA 3715-1] jinja2 security update
Debian LTS Advisory DLA-3715-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 23, 2024 https://wiki.debian.org/LTS -...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop due to an SQL injection vulnerability in the...
PT-2024-15595 · Code Projects · Code-Projects Fighting Cock Information System
Name of the Vulnerable Software and Affected Versions: code-projects Fighting Cock Information System version 1.0 Description: A critical issue affects the processing of the file /admin/pages/edit chicken.php, where the manipulation of the id argument leads to SQL injection. The attack can be...
PT-2024-15438
Name of the Vulnerable Software and Affected Versions: Kashipara Food Management System versions up to 1.0 Description: A critical issue has been found in the processing of the file partylist edit submit.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated...
Kashipara Food Management System SQL injection vulnerability
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by a lack of validation of the itemname parameter of the itemlistsubmit.php file against externally-entered SQL...
PT-2023-30182
Name of the Vulnerable Software and Affected Versions: GM Information Technologies MDO versions through 20231229 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The...
A vulnerability in the GLPI system's request, incident, and computer equipment inventory processes, related to improper neutralization of special elements used in SQL commands, allows an attacker to alter the database query logic by introducing arbitrary SQL operators.
The vulnerability in the GLPI system's request, incident, and computer equipment inventory management functions is related to improper neutralization of special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to alter the database query logic by...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0322071)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0270177)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10112062)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...