
2828 matches found

CNNVD
added 2024/09/20 12:0 a.m. · 2 views

SourceCodester Best House Rental Management System SQL injection vulnerability

SourceCodester Best House Rental Management System is a house rental management system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Best House Rental Management System version 1.0, which is caused by SQL injection of the parameters firstname/lastname/email...

9.8 CVSS · 7.9 AI score · 0.00663 EPSS
Exploits: 1 · References: 6

Positive Technologies
added 2024/09/19 12:0 a.m. · 7 views

PT-2024-39363 · Unknown · Sourcecodester Best Online News Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical vulnerability was found in the Comment Section of the SourceCodester Best Online News Portal. The issue affects unknown code in the file /news-details.php. The...

9.8 CVSS · 8.3 AI score · 0.00616 EPSS
Exploits: 1 · References: 11

Positive Technologies
added 2024/09/18 12:0 a.m. · 3 views

PT-2024-37271 · Eliz · Eliz Software Panel

Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24 Description: The issue is related to an SQL Injection vulnerability, which allows for Command Line Execution through SQL Injection. This is due to the improper neutralization of special elements us...

9.4 CVSS · 8.6 AI score · 0.00489 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2024/09/17 12:0 a.m. · 2 views

PT-2024-30831 · Unknown · Spiffy Calendar

Name of the Vulnerable Software and Affected Versions: Spiffy Calendar versions through 4.9.12 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

7.6 CVSS · 8.2 AI score · 0.00406 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2024/09/15 12:0 a.m. · 3 views

PT-2024-7015 · Navidrome · Navidrome

Name of the Vulnerable Software and Affected Versions: Navidrome versions prior to 0.53.0 Description: The issue is related to SQL Injection and Authentication Bypass in Navidrome Music Server. Navidrome automatically adds parameters in the URL to SQL queries, which can be exploited to access...

9.4 CVSS · 8.1 AI score · 0.04486 EPSS
Exploits: 2 · References: 27

CNNVD
added 2024/09/12 12:0 a.m. · 2 views

ORDAT FOSS-Online security vulnerability

ORDAT FOSS-Online is an enterprise resource management solution from ORDAT. A security vulnerability exists in ORDAT FOSS-Online versions prior to 2.24.01, which stems from the Forgot Password feature containing a SQL injection vulnerability...

9.3 CVSS · 7.7 AI score · 0.00519 EPSS
Exploits: 1 · References: 4

CNNVD
added 2024/09/10 12:0 a.m. · 3 views

Renwoxing Enterprise Intelligent Management System security vulnerability

Renwoxing Enterprise Intelligent Management System is an Enterprise Intelligent Management System from Renwoxing, China. A security vulnerability exists in Renwoxing Enterprise Intelligent Management System versions prior to 3.0, which originates from a SQL injection vulnerability in the parid...

9.1 CVSS · 7.8 AI score · 0.00373 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-13441 · Undefined · Undefined

SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...

8.7 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-13439 · Undefined · Undefined

SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...

8.7 AI score
Exploits: 0 · References: 1

CNNVD
added 2024/09/10 12:0 a.m. · 3 views

VICIdial SQL injection vulnerability

VICIdial is a software suite from VICIdial, Inc. designed to interact with the Asterisk open source PBX telephony system as a complete inbound/outbound contact center suite with inbound email support. A security vulnerability exists in VICIdial that stems from allowing plain text credentials to b...

9.8 CVSS · 9.1 AI score · 0.79059 EPSS
Exploits: 10 · References: 4

OSV
added 2024/09/08 6:15 a.m. · 1 views

CVE-2024-6924

The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

9.8 CVSS · 5.9 AI score · 0.03292 EPSS
Exploits: 1 · References: 1

CNNVD
added 2024/09/07 12:0 a.m. · 4 views

Online Food Menu SQL injection vulnerability

Online Food Menu is an online food menu application from the individual developer rems. A SQL injection vulnerability exists in Online Food Menu version 1.0, which originates from the menu parameter of the /endpoint/delete-menu.php file...

7.2 CVSS · 5.7 AI score · 0.00412 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2024/09/05 12:0 a.m. · 2 views

PT-2024-38987

Name of the Vulnerable Software and Affected Versions: FlyCASS CASS and KCM systems affected versions not specified Description: The issue is related to a flaw in SQL query filtering in FlyCASS CASS and KCM systems, making them vulnerable to attack by outside attackers with no authentication. Thi...

9.8 CVSS · 6.9 AI score · 0.0074 EPSS
Exploits: 1 · References: 10

CNNVD
added 2024/09/05 12:0 a.m. · 2 views

PHPGurukul Job Portal SQL injection vulnerability

PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A SQL injection vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the search parameter in /jobportal/index.php...

9.8 CVSS · 8 AI score · 0.00464 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/09/05 12:0 a.m. · 2 views

PT-2024-39032 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: JobPortal affected versions not specified Description: The issue is related to a SQL injection vulnerability. An attacker could send a specially designed query through the user id parameter in the "/jobportal/admin/user/controller.php" endpoi...

9.8 CVSS · 7.2 AI score · 0.00464 EPSS
Exploits: 1 · References: 10

CNNVD
added 2024/09/04 12:0 a.m. · 1 views

WordPress plugin Viral Signup security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

9.8 CVSS · 7.6 AI score · 0.03292 EPSS
Exploits: 1 · References: 2

OSV
added 2024/09/02 5:15 a.m. · 1 views

CVE-2024-43776

SQL Injection in the mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter...

8.8 CVSS · 6.1 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2024/09/01 12:0 a.m. · 2 views

PT-2024-30644 · Unknown · Easytest Online Test Platform

Name of the Vulnerable Software and Affected Versions: Easytest Online Test Platform versions prior to ver.24E01 Description: The issue allows remote attackers to execute arbitrary SQL commands via the uid parameter in the download student learning course function. This enables attackers to...

9.8 CVSS · 8.5 AI score · 0.00487 EPSS
Exploits: 0 · References: 7

CNNVD
added 2024/08/30 12:0 a.m. · 3 views

Computer Laboratory Management System SQL injection vulnerability

Computer Laboratory Management System is an open source computer laboratory management system from SourceCodester. A SQL injection vulnerability exists in Computer Laboratory Management System version 1.0, which originates from a SQL injection vulnerability in the name parameter of the...

9.8 CVSS · 7 AI score · 0.0059 EPSS
Exploits: 1 · References: 7

CNNVD
added 2024/08/30 12:0 a.m. · 1 views

Sweet-CMS SQL injection vulnerability

Sweet-CMS is a high-performance backend management system from the individual developer master-nan, built on a technology stack of Gin, GORM, Redis, Casbin, Viper, etc. Sweet-CMS 5f441e022b8876f07cde709c77b5be6d2f262e3f and prior versions suffer from a SQL injection vulnerability that originat...

9.8 CVSS · 7 AI score · 0.00613 EPSS
Exploits: 1 · References: 8