PT-2024-37337 · Unknown · Feng Office
Name of the Vulnerable Software and Affected Versions: Feng Office version 3.11.1.2. Description: A critical issue was found in the Workspaces component, where the manipulation of the dim argument leads to SQL injection. This can be exploited remotely. Recommendations: For Feng Office version...
PT-2024-5494 · Admidio · Admidio
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 4.3.9. Description: The issue is related to an SQL Injection in the /adm program/modules/ecards/ecard send.php source file of the Admidio Application. This SQL Injection results in a compromise of the application's...
Vulnerability fixed in Fortinet FortiOS
Fortinet has fixed vulnerabilities in FortiOS. A malicious party can exploit the vulnerabilities to execute arbitrary code on the vulnerable system through a Cross-Site-Scripting attack, or through SQL-Injection. Also, a malicious party can bypass security measures and thus allow traffic to pass...
The vulnerability of the plugin for Email Subscribers in the WordPress content management system allows a hacker to add additional SQL queries to existing ones and exploit the vulnerable information.
The vulnerability of the WordPress content management system’s plugin for email subscribers relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to insert additional SQL queries into existing ones, thereby exposing the...
Apache Submarine SQL Injection Vulnerability
Apache Submarine is a cloud-native machine learning platform from the Apache USA Foundation. An SQL injection vulnerability exists in Apache Submarine Server Core, which stems from improper neutralization of the particular element used...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM. An attacker exploiting this vulnerability could perform a SQL injection attack...
WordPress plugin Tutor LMS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-6312 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions prior to 2022 SU6; Ivanti EPM versions prior to the 2024 September update. Description: The issue is related to an unspecified SQL injection in Ivanti EPM, which allows a remote authenticated attacker with admin privileges t...
Ivanti EPM SQL Injection Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
Vadi Corporate Information Systems SQL Injection Vulnerability
Vadi Corporate Information Systems is an information system of Vadi Corporation. Vadi Corporate Information Systems DIGIKENT GIS 2.23.5 and prior versions are vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability...
Campcodes Complete Web-Based School Management System Security Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the id...
WordPress plugin KKProgressbar2 Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
The vulnerability of the Ivanti EPM 2022 SU5 endpoint management software lies in its lack of measures to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Ivanti EPM 2022 SU5 endpoint management software exists due to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially...
The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code by injecting a specially crafted SQL query remotely...
School Intramurals Student Attendance Management System SQL Injection Vulnerability
School Intramurals Student Attendance Management System is an on-campus student attendance management system by the individual developer oretnom23. A SQL injection vulnerability exists in SourceCodester School Intramurals Student Attendance Management System version 1.0, which originates from...
Facebook News Feed Like SQL Injection Vulnerability
Facebook News Feed Like is a Facebook-like application by the individual developer oretnom23. A SQL injection vulnerability exists in Facebook News Feed Like version 1.0, which stems from the fact that incorrect manipulation of the parameter page can lead to SQL injection...
J2EEFAST Security Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform that is committed to building the best small and medium-sized open source free back-end framework platform. J2EEFAST v2.7.0 has a SQL injection vulnerability, which stems from SysMsgPushMapper.xml findPage...
CVE-2023-51637
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists with...
Vulnerabilities fixed in Atlassian products
Atlassian has fixed vulnerabilities in several products, including Jira, Confluence and Bitbucket. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Cross-Site Request Forgery (XSRF); Denial-of-Service (DoS); Circumvention of...
WordPress Media Library Assistant plugin <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability
Authenticated (Contributor+) SQL Injection via Shortcode vulnerability discovered by Thanh Nam Tran in WordPress Plugin Media Library Assistant versions <= 3.15...