2828 matches found

RedhatCVE
added 2025/02/05 8:59 p.m. · 15 views

CVE-2022-46163

Travel support program is a Rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

7.5 CVSS · 7 AI score · 0.01019 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2025/02/04 12:0 a.m. · 4 views

PT-2025-4633 · Unknown · Notfound Traveler Code

Name of the Vulnerable Software and Affected Versions: NotFound Traveler Code versions n/a through 3.1.0
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows malicious SQL commands to be executed...

9 CVSS · 10 AI score · 0.00351 EPSS
Exploits: 0 · References: 6
CNNVD
added 2025/02/03 12:0 a.m. · 2 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...

10 CVSS · 8 AI score · 0.00523 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/02/03 12:0 a.m. · 2 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...

9.4 CVSS · 8 AI score · 0.00539 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2025/02/02 12:0 a.m. · 4 views

PT-2025-4115 · Unknown · Code-Projects Chat System

Name of the Vulnerable Software and Affected Versions: code-projects Chat System version 1.0
Description: A critical issue affects some unknown processing of the file /user/add chatroom.php. The manipulation of the argument chatname/chatpass leads to SQL injection. The attack may be initiated...

7.5 CVSS · 7.2 AI score · 0.00532 EPSS
Exploits: 1 · References: 12
CNNVD
added 2025/02/01 12:0 a.m. · 3 views

itsourcecode Tailoring Management System security vulnerability

itsourcecode Tailoring Management System is an open source tailoring management system from itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from the parameter typeid in the file partview.php, which can lead to SQL injection...

8.8 CVSS · 6.8 AI score · 0.00435 EPSS
Exploits: 1 · References: 4
OSV
added 2025/01/31 10:15 p.m. · 2 views

CVE-2024-53357

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allow remote authenticated attackers, with low privileges, to 1) add an admin user via the /api/user/addalias route; 2) modify a user via the /api/user/updatealias route; 4) delete users via the /api/user/delali...

7.5 CVSS · 5.9 AI score · 0.00472 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/01/31 12:0 a.m. · 4 views

Code-Projects Job Recruitment injection vulnerability

Code-Projects Job Recruitment is an open source job portal from Code-Projects. An injection vulnerability exists in Code-Projects Job Recruitment version 1.0, which stems from a manipulation of the parameter n that can lead to SQL injection...

7.5 CVSS · 7 AI score · 0.00364 EPSS
Exploits: 1 · References: 5
OSV
added 2025/01/30 10:15 a.m. · 1 view

CVE-2025-0861

The VR-Frases collect & share quotes plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

7.2 CVSS · 7.3 AI score · 0.00453 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/01/24 12:0 a.m. · 3 views

WordPress plugin Simple Download Monitor SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

7.6 CVSS · 9 AI score · 0.00541 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/01/24 12:0 a.m. · 4 views

GO-CMS security vulnerability

GO-CMS is an RBAC-based privilege management system by the individual developer Xiaoyuer Xi-Yuer. A security vulnerability exists in GO-CMS version v.1.1.10, which stems from the presence of a SQL injection vulnerability that allows remote attackers to execute arbitrary code via a crafted payload...

6.8 CVSS · 8.5 AI score · 0.00554 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2025/01/24 12:0 a.m. · 2 views

PT-2025-5542 · Unknown · Yannick Lefebvre Bug Library

Name of the Vulnerable Software and Affected Versions: Yannick Lefebvre Bug Library versions n/a through 2.1.4
Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command, which allows Blind SQL Injection...

8.5 CVSS · 8.2 AI score · 0.00467 EPSS
Exploits: 0 · References: 6
CNNVD
added 2025/01/23 12:0 a.m. · 2 views

Centreon SQL injection vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in versions of Centreon Web prior to 24.10.3, which originates from an...

9.1 CVSS · 7.5 AI score · 0.00398 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/01/23 12:0 a.m. · 3 views

WordPress plugin Product Table by WBW SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

9.8 CVSS · 9 AI score · 0.00442 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/01/20 12:0 a.m. · 2 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.2.9. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the database to access sensitive information...

10 CVSS · 8.1 AI score · 0.00579 EPSS
Exploits: 1 · References: 3
CNNVD
added 2025/01/14 12:0 a.m. · 2 views

Ivanti EPM SQL injection vulnerability

Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. Ivanti EPM contains a SQL injection vulnerability that allows a remote authenticated attacker with administrator privileges to...

7.2 CVSS · 9.4 AI score · 0.62634 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/01/14 12:0 a.m. · 2 views

Mysiteforme security vulnerability

Mysiteforme is a permission management system. A SQL injection vulnerability exists in versions of Mysiteforme prior to 2025.01.01, which stems from the lack of validation of the sname parameter in table/list for externally entered SQL statements. An attacker can exploit this vulnerability to...

7.5 CVSS · 8.1 AI score · 0.00432 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/01/09 12:0 a.m. · 5 views

Chatwoot SQL injection vulnerability

Chatwoot is an open source customer engagement suite, an alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A SQL injection vulnerability exists in Chatwoot versions prior to 3.16.0 that stems from improper input sanitization and allows an attacker t...

9.1 CVSS · 7.9 AI score · 0.00648 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/01/09 12:0 a.m. · 4 views

Codezips Project Management System injection vulnerability

Codezips Project Management System is an open source project management system from Codezips. An injection vulnerability exists in Codezips Project Management System version 1.0, which originates from a SQL injection in the parameter name...

9.8 CVSS · 7 AI score · 0.00523 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2025/01/09 12:0 a.m. · 3 views

PT-2025-3840 · Unknown · Leiyuxi Cy-Fast

Name of the Vulnerable Software and Affected Versions: leiyuxi cy-fast version 1.0
Description: A critical vulnerability exists in the listData function within the /sys/menu/listData file. Manipulation of the argument order leads to a SQL injection, potentially allowing for remote attacks. The...

8.8 CVSS · 6.3 AI score · 0.00467 EPSS
Exploits: 1 · References: 9