2828 matches found
PT-2024-16067 · Unknown · Phpgurukul Boat Booking System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Boat Booking System version 1.0 Description: A critical issue was found in the PHPGurukul Boat Booking System, affecting some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation...
PT-2024-16080 · Unknown · Codezips Sales Management System
Name of the Vulnerable Software and Affected Versions: Codezips Sales Management System version 1.0 Description: A critical vulnerability has been found in the Codezips Sales Management System. This issue affects an unknown part of the file deletecustind.php. The manipulation of the argument id...
EsafeNet CDG SQL Injection Vulnerability
EsafeNet CDG is a document security management system from EsafeNet. EsafeNet CDG V5 version has a SQL injection vulnerability, which originates from the parameter id of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java, which can lead to SQL injection...
VulnCheck KEV: CVE-2024-8877
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05...
TAI Smart Factory QPLANT SF SQL Injection Vulnerability
TAI Smart Factory QPLANT SF is a tool for managing and controlling production execution from TAI Smart Factory, Inc. A SQL injection vulnerability exists in TAI Smart Factory QPLANT SF version 1.0, which originates from allowing a remote attacker to retrieve all database information by sending a...
ESi AIM LINE Marketing Platform SQL Injection Vulnerability
ESi AIM LINE Marketing Platform is a marketing platform from ESi, Inc. A SQL injection vulnerability exists in ESi AIM LINE Marketing Platform versions 3.3.0 through 5.8.4, which stems from failure to properly validate a specific query parameter, and when the LINE Marketing module is enabled, an...
PT-2024-33055 · Wavelog · Wavelog
Name of the Vulnerable Software and Affected Versions: Wavelog version 1.8.5 Description: The issue allows SQL injection via the band, sat, propagation, or mode variables in the get band confirmed function of Gridmap model.php. This can potentially lead to unauthorized access or manipulation of...
PT-2024-38074 · Netease Youdao · Qanything
Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1 Description: The issue concerns a SQL injection vulnerability where unsafe data obtained from user input is concatenated in SQL queries. This affects functions including get knowledge base name, from...
CVE-2024-9156
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries...
CVE-2024-9560
A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to SQL injection. The attack may be launched remotel...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to the improper neutralization of special elements such as backticks in SQL commands. Remediation Upgrade mediawiki/cargo to version 3.7 or higher. References - Gerrit Mediawiki - GitHub Commit - Wikimedia Phabricator...
CVE-2024-42417
Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script HandlerCFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product...
WordPress plugin Cost Calculator Builder SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Advocate Office Management System SQL Injection Vulnerability
Advocate Office Management System is an office management system by Mayuri K. Individual Developer. A SQL injection vulnerability exists in Advocate Office Management System version 1.0, which originates from an SQL injection vulnerability in the id parameter of the /control/editclient.php page...
PT-2024-32275 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1 Description: A SQL Injection issue allows an authenticated lower-privileged user, with at least Network Manager permissions, to achieve privilege escalation to the admin account. This is related to the...
PT-2024-39549 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c Description: A critical issue has been found in the software, affecting some unknown functionality of the file saveNewPwd.php. The manipulation of the username argument leads to sql...
CVE-2024-7385
The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
WordPress plugin The Events Calendar SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...
SourceCodester Modern Loan Management System SQL Injection Vulnerability
SourceCodester Modern Loan Management System is a modern loan management system from SourceCodester open source. A SQL injection vulnerability exists in SourceCodester Modern Loan Management System version 1.0, which stems from an incorrect operation of the parameter searchMember that can result ...
PT-2024-39412 · Unknown · Code-Projects Student Record System
Name of the Vulnerable Software and Affected Versions: code-projects Student Record System version 1.0 Description: A critical issue has been found in the code-projects Student Record System, affecting unknown code in the file /course.php. The manipulation of the coursename argument leads to SQL...