2828 matches found
CVE-2024-5114
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacherattendancehistory1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack...
Event Registration System SQL Injection Vulnerability
Event Registration System is a QR code based event registration system by Carlo Montero, an individual developer. An SQL injection vulnerability exists in Event Registration System version 1.0, which originates from an unknown function in Portal.php that causes SQL injection via the...
PT-2024-34538 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /view/teacher profile.php. The manipulation of the index argument leads to...
PT-2024-4021 · Ivanti · Ivanti Neurons For Itsm
Name of the Vulnerable Software and Affected Versions: Ivanti Neurons for ITSM affected versions not specified Description: The issue is related to a SQL injection vulnerability in the web component of Ivanti Neurons for ITSM, due to inadequate protection of the SQL query structure. This...
PT-2024-34495 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /view/student first payment.php. The manipulation of the grade argume...
Multiple vulnerabilities in Field Logic DataCube
Overview DataCube provided by Field Logic Inc. contains multiple vulnerabilities listed below. Direct Request 'Forced Browsing' CWE-425 - CVE-2024-25830 Reflected cross-site scripting CWE-79 - CVE-2024-25831 Unrestricted upload of file with dangerous type CWE-434 - CVE-2024-25832 SQL injection...
CVE-2024-4925
A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /intramssams/managecourse.php. The manipulation of the argument id leads to sql injection. The attack may be...
SiAdmin SQL Injection Vulnerability
SiAdmin is an application. SiAdmin version 1.1 contains a SQL injection vulnerability that allows a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it...
Simple Online Bidding System SQL Injection Vulnerability
Simple Online Bidding System is an online bidding system by oretnom23, an individual developer. A SQL injection vulnerability exists in Simple Online Bidding System version 1.0, which stems from improper handling of the parameter id that can lead to SQL injection...
PT-2024-33471 · Sourcecodester · Sourcecodester Simple Online Bidding System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /simple-online-bidding-system/admin/index.php?page=manage product. The...
CVE-2024-34955
Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter...
PT-2024-33333 · Campcodes · Campcodes Online Examination System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Examination System version 1.0 Description: A critical issue has been found in the system, affecting the file addExamExe.php. The manipulation of the examTitle argument leads to SQL injection. It is possible to initiate the...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017, which stems from improper handling of the parameter MIDSTR that can lead to SQL injection...
CVE-2024-4801
A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submitnewfaculty.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been...
DEBIAN-CVE-2024-31460
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php, finally resulti...
Cyber Power Systems PowerPanel Enterprise Security Vulnerability
Cyber Power Systems PowerPanel Enterprise is a software program from Cyber Power Systems designed to provide real-time PUE, PUE trends, and total energy use trends. A security vulnerability exists in Cyber Power Systems PowerPanel Enterprise prior to version v2.8.3 that stems from an SQL injectio...
Cyber Power Systems PowerPanel Enterprise Security Vulnerability
Cyber Power Systems PowerPanel Enterprise is a software program from Cyber Power Systems designed to provide real-time PUE, PUE trends, and total energy use trends. A security vulnerability exists in Cyber Power Systems PowerPanel Enterprise prior to version v2.8.3 that stems from an SQL injectio...
PT-2024-3341 · F5 · Big-Ip Next Central Manager
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Next Central Manager affected versions not specified Description: An SQL injection vulnerability exists in the BIG-IP Next Central Manager API. This vulnerability allows an unauthenticated attacker to conduct a remote attack and gai...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the officemissiveid parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of China Ruvar Company. A security vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a SQL injection vulnerability in the btid parameter of the /include/getdict.aspx file...