354 matches found
JeecgBoot SQL injection vulnerability
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.0 of JeecgBoot contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “keyword” in the file...
CVE-2021-47856
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...
CVE-2025-41005
Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘keyword’ parameter in ‘/memsdemo/exchangeoffers.php’...
CVE-2025-41005 Multiple vulnerabilities in Imaster products
Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘keyword’ parameter in ‘/memsdemo/exchangeoffers.php’...
CVE-2025-41005
CVE-2025-41005 affects Imaster’s MEMS Events CRM. The vulnerability is an SQL injection in the keyword parameter of the /memsdemo/exchange_offers.php endpoint, caused by unsafe input handling in that API. Impact is high (potential for unauthorized data access/modification); CVSS v4.0 base s...
EUVD-2026-1933
Imaster's MEMS Events CRM contains an SQL injection vulnerability in the ‘keyword’ parameter in ‘/memsdemo/exchangeoffers.php’...
MEMS - Events CRM SQL injection vulnerability
MEMS - Events CRM is a Customer Relationship Management system by the individual developer Nzioka Victor. MEMS - Events CRM suffers from a SQL injection vulnerability that originates in the keyword parameter in /memsdemo/exchangeoffers.php...
PT-2026-2264
Name of the Vulnerable Software and Affected Versions: Imaster's MEMS Events CRM (affected versions not specified). Description: The software contains an SQL injection issue in the keyword parameter of the '/memsdemo/exchange offers.php' API endpoint. This allows for potential unauthorized database...
CVE-2009-4316
Cross-site scripting (XSS) vulnerability in searchresultsmain.php in ZeeLyrics 3x allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2022-33094
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map...
CVE-2022-33095
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist...
EUVD-2025-205396
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-15088 ketr JEPaaS loadPostil postilService.loadPostils sql injection
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. Th...
PT-2025-53415
Name of the Vulnerable Software and Affected Versions: ketr JEPaaS versions up to 7.2.8. Description: A SQL injection issue exists in ketr JEPaaS. The postilService.loadPostils function, located in the file /je/postil/postil/loadPostil, is susceptible to exploitation. Manipulation of the keyWord...
ketr JEPaaS SQL injection vulnerability
ketr JEPaaS is a low-code rapid development platform open-sourced by China's ketr. A SQL injection vulnerability exists in ketr JEPaaS 7.2.8 and earlier versions, which stems from incorrect manipulation of the parameter keyWord in the file /je/postil/postil/readAllPostil, which could lead to...
CVE-2024-58276
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...
Enrollment System SQL injection vulnerability
Enrollment System is enrollment software by the individual developer Obi08. A SQL injection vulnerability exists in Enrollment System version 1.0; it originates in the keyword parameter of /getsubject.php and may result in the extraction of sensitive information...
PT-2025-49132
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...