2828 matches found

Positive Technologies
added 2024/08/29 12:0 a.m. · 3 views

PT-2024-38944 · Gether Technology · 6Shr System

Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology, affected versions not specified
Description: The 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL...

8.8 CVSS · 7.9 AI score · 0.00595 EPSS
Exploits 0 · References 11

Positive Technologies
added 2024/08/29 12:0 a.m. · 2 views

PT-2024-28596 · Unknown · Salon Booking System

Name of the Vulnerable Software and Affected Versions: Salon Booking System versions n/a through 10.7
Description: The issue is related to an SQL Injection problem caused by improper handling of special elements in an SQL command. This allows for SQL Injection attacks, which can potentially lead ...

7.6 CVSS · 8 AI score · 0.00438 EPSS
Exploits 0 · References 10

CNNVD
added 2024/08/29 12:0 a.m. · 2 views

WordPress plugin Propovoice Pro SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

9.8 CVSS · 7.7 AI score · 0.00458 EPSS
Exploits 0 · References 2

CNNVD
added 2024/08/29 12:0 a.m. · 1 views

SportsNET SQL injection vulnerability

SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...

9.8 CVSS · 7.7 AI score · 0.00408 EPSS
Exploits 0 · References 2

Patchstack
added 2024/08/28 3:14 a.m. · 5 views

WordPress Relevanssi Live Ajax Search plugin <= 2.4 - Unauthenticated WP_Query Argument Injection vulnerability

Unauthenticated WP_Query Argument Injection vulnerability discovered by scottaglia in WordPress Plugin Relevanssi Live Ajax Search versions <= 2.4...

5.3 CVSS · 7.3 AI score · 0.00382 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/08/27 12:37 p.m. · 28 views

CVE-2024-4872

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential...

9.9 CVSS · 0.00496 EPSS
Exploits 0 · References 1

CNNVD
added 2024/08/27 12:0 a.m. · 1 views

SourceCodester E-Commerce Website SQL injection vulnerability

SourceCodester E-Commerce Website is an open source application from SourceCodester, a PHP e-commerce website project for bookstores. A SQL injection vulnerability exists in SourceCodester E-Commerce Website version 1.0, which stems from the manipulation of the parameter fname in the file...

9.8 CVSS · 7.9 AI score · 0.00739 EPSS
Exploits 1 · References 6

OSV
added 2024/08/26 3:15 p.m. · 1 views

CVE-2024-8167

A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8 CVSS · 5.8 AI score · 0.00648 EPSS
Exploits 1 · References 5

CNNVD
added 2024/08/23 12:0 a.m. · 4 views

Centreon Web security vulnerability

Centreon Web is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon Web that stems from a SQL injection vulnerability in the service...

8.8 CVSS · 7.7 AI score · 0.01133 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/08/23 12:0 a.m. · 3 views

PT-2024-5844 · Centreon · Centreon Web

Name of the Vulnerable Software and Affected Versions: Centreon Web versions 22.10.0 through 22.10.22; Centreon Web versions 23.04.0 through 23.04.18; Centreon Web versions 23.10.0 through 23.10.12; Centreon Web versions 24.04.0 through 24.04.2
Description: A SQL Injection vulnerability exists in th...

9.4 CVSS · 9 AI score · 0.00488 EPSS
Exploits 0 · References 15

CNNVD
added 2024/08/23 12:0 a.m. · 3 views

ZOHO ManageEngine ADAudit Plus security vulnerability

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute custom queries and access database...

8.8 CVSS · 8.1 AI score · 0.05279 EPSS
Exploits 0 · References 2

CNNVD
added 2024/08/23 12:0 a.m. · 3 views

Kashipara Bus Ticket Reservation System security vulnerability

Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A SQL injection vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from the application's lack of validation of externally-entered SQL statements, and can be exploited by a remote...

9.8 CVSS · 8.5 AI score · 0.00694 EPSS
Exploits 1 · References 3

OSV
added 2024/08/21 6:15 a.m. · 2 views

CVE-2024-7651

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2024/08/20 4:15 a.m. · 3 views

CVE-2024-7780

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and la...

7.2 CVSS · 5.9 AI score
Exploits 0 · References 4

CNNVD
added 2024/08/20 12:0 a.m. · 4 views

itsourcecode Project Expense Monitoring System SQL injection vulnerability

Project Expense Monitoring System is an open source project expense monitoring system from itsourcecode. A SQL injection vulnerability exists in itsourcecode Project Expense Monitoring System version 1.0, which originates from a SQL injection vulnerability in the transferid parameter of the...

9.8 CVSS · 7 AI score · 0.00612 EPSS
Exploits 1 · References 5

CNNVD
added 2024/08/20 12:0 a.m. · 3 views

Hertzbeat security vulnerability

Hertzbeat is an open source real-time monitoring system. A SQL injection vulnerability exists in Hertzbeat versions prior to 1.6.0 that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands ...

9.8 CVSS · 8.1 AI score · 0.0108 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/08/19 12:0 a.m. · 3 views

PT-2024-38612

Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store plugin for WordPress versions up to, and including, 5.7.2
Description: The issue is related to boolean-based SQL Injection via the model number parameter due to insufficient escaping on the user-supplied...

8.8 CVSS · 6.4 AI score · 0.00509 EPSS
Exploits 0 · References 13

OSV
added 2024/08/18 10:15 p.m. · 3 views

CVE-2024-43286

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.19...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2024/08/16 12:0 a.m. · 3 views

Vtiger CRM security vulnerability

Vtiger CRM is a customer relationship management (CRM) system developed based on SugarCRM by Vtiger USA. The management system provides functions such as managing, collecting, and analyzing customer information. A security vulnerability exists in Vtiger CRM version 8.1.0 and prior versions, which...

7.2 CVSS · 7.8 AI score · 0.00492 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/08/15 12:0 a.m. · 3 views

PT-2024-38597 · Sourcecodester · Sourcecodester Online Graduate Tracer System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Graduate Tracer System version 1.0
Description: A critical issue affects some unknown functionality of the file /tracking/admin/view itprofile.php. The manipulation of the id argument leads to SQL injection. The attack c...

8.8 CVSS · 7.5 AI score · 0.00551 EPSS
Exploits 1 · References 9