2828 matches found
CVE-2023-6035
The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape the "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks...
CVE-2023-50429
IzyBat Orange casiers before 202308031 allows getEnsemble.php ensemble SQL injection...
CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...
Packers and Movers Management System Security Vulnerability
Packers and Movers Management System is a management system for packers and movers by individual developer Carlo Montero. A SQL injection vulnerability exists in Packers and Movers Management System version v.1.0. The vulnerability can be...
postgresql: extension script @substitutions@ within quoting allow SQL injection
In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
SolarWinds Platform SQL Injection Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from US-based SolarWinds, Inc. SolarWinds Platform contains an SQL injection vulnerability. An attacker could exploit this vulnerabili...
VulnCheck KEV: CVE-2023-1454
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2023-5047
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006...
WordPress Plugin WP Hotel Booking Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-47308
In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...
Piccolo Security Breach
Piccolo is a fast, user-friendly open source ORM and query builder. Versions of Piccolo before 1.1.1 have a security vulnerability that stems from susceptibility to SQL injection attacks; attackers can use the vulnerability to directly access the database...
Online Matrimonial Project SQL Injection Vulnerability
Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a concatenated SQL statement...
PT-2023-30214 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the id parameter of the "partner preference.php" resource does not validate the characters received and they a...
PT-2023-30225 · Unknown · Online Matrimonial Project
Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the pass parameter in the register function of the functions.php file is vulnerable. Recommendations: For Onli...
WordPress Plugin Video Gallery SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Video Gallery - Best...
PT-2023-15300 · Online Ada · Accessibility Suite
Name of the Vulnerable Software and Affected Versions: Accessibility Suite by Online ADA versions 4.11 through 4.12 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2023-21245 · WordPress · Wp Reroute Email
Name of the Vulnerable Software and Affected Versions: WP Reroute Email versions 1.4.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...
PT-2023-20415 · Tutor Lms · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS versions 2.1.10 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
WordPress Plugin Zendrop - Global Dropshipping SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Zendrop - Global...
PT-2023-15411 · Unknown · Simple Photo Gallery
Name of the Vulnerable Software and Affected Versions: Simple Photo Gallery versions n/a through v1.8.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...