2828 matches found
PT-2024-20994 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the bt id parameter at the "/include/get dict.aspx" API endpoint. This allows for potential exploitation. No information is provided about the estimated...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wfworkprint.aspx file against externally entered SQL statements. An attacker can exploit this...
CVE-2024-33164
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authUserList function...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /bulletin/bulletintemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...
SEMCMS SQL Injection Vulnerability
SEMCMS is a foreign trade web content management system CMS that supports multiple languages. SEMCMS 4.8 and earlier versions suffer from a SQL injection vulnerability, which stems from the application's lack of validation of external input SQL statements, and can be exploited by attackers to...
PT-2024-25133 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: The issue is related to a SQL injection vulnerability. It occurs via the sql filter parameter in the myProcessList function. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to the...
Campcodes Complete Web-Based School Management System Security Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from an SQL injection vulnerability in the myindex...
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...
PT-2024-25864 · Unknown · Parcelpanel
Name of the Vulnerable Software and Affected Versions: ParcelPanel versions 3.8.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting maliciou...
NETGEAR RAX30 Security Vulnerability
NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in the NETGEAR RAX30 that stems from a SQL injection vulnerability when processing certain SOAP requests...
ASUS RT-AX92U Security Vulnerability
ASUS RT-AX92U is a wireless router from Asus China. A security vulnerability exists in the ASUS RT-AX92U that stems from the presence of a SQL injection information disclosure vulnerability that allows network-adjacent attackers to disclose sensitive information on the affected router...
PT-2024-12762 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue allows a remote attacker to send specially crafted SQL statements, which could enable the attacker to view, add, modify, or delete information in the back-end databas...
HubBank SQL Injection Vulnerability
HubBank is an application from HubBank, Inc. HubBank version 1.0.2 suffers from a SQL injection vulnerability that originates from allowing an attacker to send specially crafted SQL queries to the database from different endpoints and retrieve information stored in the database...
PT-2024-24229
Name of the Vulnerable Software and Affected Versions: Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da Description: The issue allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders model.php component. This is ...
Limbas Security Vulnerability
Limbas is a database framework written in PHP by the German company Limbas. It is used to create database-driven business applications. A security vulnerability exists in Limbas version v5.2.14 and earlier versions, which stems from the discovery of an SQL injection vulnerability contained via th...
BlueNet Technology Clinical Browsing System SQL Injection Vulnerability
BlueNet Technology Clinical Browsing System is a clinical browsing system from BlueNet Technology USA. A SQL injection vulnerability exists in BlueNet Technology Clinical Browsing System version 1.2.1, which stems from the parameter documentUniqueId in the file /xds/deleteStudy.php that can lead ...
WordPress plugin Advanced Search Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
LibreNMS Security Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments and automatic updates. A security vulnerability exists in LibreNMS versions prior to 24.4.0, which stems from a...
VulnCheck KEV: CVE-2019-9762
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...