2828 matches found

OSV
added 2024/07/22 8:15 p.m. · 2 views

CVE-2024-39250

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface...

CVSS 9.8 · AI score 5.8 · EPSS 0.04927
Exploits: 1 · References: 1

Patchstack
added 2024/07/22 1:27 p.m. · 3 views

WordPress ListingPro plugin <= 2.9.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin ListingPro versions <= 2.9.4...

CVSS 8.8 · AI score 8.1 · EPSS 0.00445
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2024/07/15 12:00 a.m. · 2 views

PT-2024-37839 · Aguardnet · Aguardnet's Space Management System

Name of the Vulnerable Software and Affected Versions: AguardNet's Space Management System affected versions not specified Description: The issue allows unauthenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents due to improper...

CVSS 9.8 · AI score 7.8 · EPSS 0.00678
Exploits: 0 · References: 4

Positive Technologies
added 2024/07/11 12:00 a.m. · 5 views

PT-2024-37796 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue was found in the software, affecting an unknown functionality of the file "/api/dept/build". The manipulation of the params.dataScope argument leads to SQL injection...

CVSS 6.5 · AI score 7 · EPSS 0.00473
Exploits: 0 · References: 6

RedHat Linux
added 2024/07/09 8:54 a.m. · 1 view

pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE

A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...

CVSS 10 · AI score 6.9 · EPSS 0.0481
Exploits: 0 · References: 7

OSV
added 2024/07/05 2:15 p.m. · 2 views

CVE-2024-39027

SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

VulnCheck KEV
added 2024/07/03 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2024-31750

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter...

CVSS 9.8 · AI score 5.9 · EPSS 0.1942
Exploits: 1 · References: 1

OSV
added 2024/07/02 8:15 p.m. · 3 views

CVE-2024-6452

A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely...

CVSS 8.8 · AI score 8.1
Exploits: 0 · References: 4

BDU FSTEC
added 2024/07/01 12:00 a.m. · 2 views

The vulnerability of the orderadd.php file in the Tailoring Management System allows a hacker to execute arbitrary SQL code.

The vulnerability of the orderadd.php file in the Tailoring Management System is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code through the customer parameter...

CVSS 6.5 · AI score 7.1 · EPSS 0.00447
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2024/06/29 12:00 a.m. · 2 views

WordPress plugin UsersWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 9.8 · AI score 7.8 · EPSS 0.024
Exploits: 0 · References: 4

RedHat Linux
added 2024/06/27 2:14 p.m. · 4 views

ca: token authentication bypass vulnerability

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...

CVSS 7.5 · AI score 5.8 · EPSS 0.00635
Exploits: 0 · References: 4

CNNVD
added 2024/06/25 12:00 a.m. · 5 views

Fortra FileCatalyst Security Vulnerability

Fortra FileCatalyst is a file transfer acceleration solution from Fortra, Inc. designed to accelerate and optimize file transfers across global networks. A security vulnerability exists in Fortra FileCatalyst Workflow 5.1.6 Build 135 and prior versions, which stems from the presence of a SQL...

CVSS 9.8 · AI score 7.9 · EPSS 0.90067
Exploits: 5 · References: 3

CNNVD
added 2024/06/24 12:00 a.m. · 2 views

School-Management-System SQL Injection Vulnerability

School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School-Management-System version 1.0.0, 1.0.1, which stems from an incorrect operation of the parameter update that can lead to sql injection...

CVSS 8.8 · AI score 8.4 · EPSS 0.00585
Exploits: 1 · References: 6

OSV
added 2024/06/22 2:15 p.m. · 2 views

CVE-2024-6253

A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit...

CVSS 9.8 · AI score 5.7 · EPSS 0.00648
Exploits: 1 · References: 4

Positive Technologies
added 2024/06/22 12:00 a.m. · 3 views

PT-2024-37496 · Unknown · Pear Admin Boot

Name of the Vulnerable Software and Affected Versions: Pear Admin Boot versions up to 2.0.2 Description: A critical vulnerability has been found in Pear Admin Boot, affecting an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection, and it is possible...

CVSS 9.8 · AI score 6.6 · EPSS 0.00515
Exploits: 1 · References: 8

Positive Technologies
added 2024/06/22 12:00 a.m. · 4 views

PT-2024-37485 · Unknown · Sourcecodester Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Food Ordering System version 1.0 Description: A critical issue was found in the itsourcecode Online Food Ordering System, affecting some unknown functionality of the file /purchase.php. The manipulation of the customer...

CVSS 9.8 · AI score 8 · EPSS 0.00648
Exploits: 1 · References: 10

CNNVD
added 2024/06/22 12:00 a.m. · 4 views

OpenCart Security Vulnerability

OpenCart is an open source online store management system for creating and managing e-commerce websites. It is known for its user-friendliness and flexibility for online stores of different sizes. OpenCart suffers from an SQL injection vulnerability that stems from the presence of an SQL injectio...

CVSS 8.1 · AI score 8.2 · EPSS 0.1908
Exploits: 2 · References: 4

OSV
added 2024/06/21 2:15 a.m. · 2 views

CVE-2024-6218

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to sql injection. The attack may be launched remotely. The...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 4

CNNVD
added 2024/06/19 12:00 a.m. · 2 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image zoom. PrestaShop Bulk Export products to Google Merchant - A security vulnerability exists in Google Shopping version 1.0.2...

CVSS 6.3 · AI score 7.4 · EPSS 0.00292
Exploits: 0 · References: 2

CNNVD
added 2024/06/19 12:00 a.m. · 2 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop Channable 3.2.1 and earlier versions, which stems from the presence of...

CVSS 9.8 · AI score 7.5 · EPSS 0.00408
Exploits: 0 · References: 2