2828 matches found
Ivanti Endpoint Manager security vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. An SQL injection vulnerability exists in Ivanti Endpoint...
WordPress Horsemanager plugin <= 1.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Horsemanager versions <= 1.3...
Sourcecodester Cab Management System security vulnerability
Sourcecodester Cab Management System is an open source cab management system from Sourcecodester. A security vulnerability exists in Sourcecodester Cab Management System version 1.0, which originates from an SQL injection vulnerability contained in the id parameter in manageclient.php and...
Codezips Hospital Appointment System injection vulnerability
Codezips Hospital Appointment System is an open source hospital appointment system from Codezips. An injection vulnerability exists in Codezips Hospital Appointment System version 1.0, which stems from the parameter Name in the file /removeDoctorResult.php that can cause SQL injection...
Devtron SQL injection vulnerability
Devtron is a Kubernetes cloud-native tool integration platform open-sourced by Devtron. A SQL injection vulnerability exists in Devtron prior to version 0.7.2, which stems from an authenticated user being able to execute malicious SQL queries via the CreateUser interface...
PT-2024-16683 · Sourcecodester · Sourcecodester Online Veterinary Appointment System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Veterinary Appointment System version 1.0 Description: A critical vulnerability was found in the SourceCodester Online Veterinary Appointment System. This issue affects the file /admin/services/view service.php, where th...
dify tools vanna has pandas query inject
This report is not public...
WordPress WP EIS plugin <= 1.3.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin WP EIS versions <= 1.3.3...
PT-2024-16413 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical vulnerability was found in Tongda OA, affecting the file /pda/workflow/check seal.php. The manipulation of the ID argument leads to SQL injection. The attack can be initiated remotely...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection through the GraphCypherQAChain class. An attacker can manipulate, delete, or create data, disrupt services, and compromise database integrity by injecting malicious SQL commands into prompts. Note: This vulnerability impac...
LangChain SQL injection vulnerability
LangChain is an open source framework for developing applications powered by large language models (LLMs). A SQL injection vulnerability exists in LangChain version 0.2.5, which stems from SQL injection that can be achieved via prompt injection and could lead to unauthorized data...
LangChain.js SQL injection vulnerability
LangChain.js is a framework for building context-aware reasoning applications, open-sourced by LangChain. An SQL injection vulnerability exists in LangChain.js version 0.2.5 and earlier. It stems from allowing on-the-fly injection, which leads to SQL injection and allows an attacker to create, update, or dele...
Codezips Hospital Appointment System SQL injection vulnerability
Codezips Hospital Appointment System is an open source hospital appointment system from Codezips. Codezips Hospital Appointment System version 1.0 suffers from a SQL injection vulnerability that originates from the parameter Username in the file /loginAction.php that can lead to SQL injection...
WordPress Woocommerce Quote Calculator plugin <= 1.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Woocommerce Quote Calculator versions <= 1.1...
FunAdmin security vulnerability
FunAdmin is a lightweight backend development system, open-sourced by FunAdmin and built on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in the parentField parameter of the index...
CVE-2024-10350
A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to SQL injection. The attack can be initiated remotely. The exploi...
CVE-2024-35286
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...
CVE-2024-47189
The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...
WordPress plugin SW Contact Form SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2024-16069 · Unknown · Phpgurukul Boat Booking System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Boat Booking System version 1.0 Description: A critical issue has been found in the Sign In Page component of the PHPGurukul Boat Booking System, specifically in the /admin/index.php file. The manipulation of the username argument...