CVE-2023-5918
A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manageuser.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifier of thi...
PT-2023-29354 · Unknown · Online Bus Booking System
Name of the Vulnerable Software and Affected Versions: Online Bus Booking System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the user query parameter of the "bus info.php" resource does not validate the characters received and...
CVE-2023-25045
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3...
CVE-2023-36263
PrestaShop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
SUSE CVE-2023-46490
SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...
CVE-2023-44480
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database...
Cacti SQL Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A SQL injection vulnerability exists in Cacti v1.2.25, which stems from...
CVE-2023-26584
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A SQL injection vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from an unauthenticated SQL injection in the GetCurrentPeriod method...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetExcursionList method...
PT-2023-6632
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Configuration utility, affected versions not specified Description: An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility, which may allow an authenticated attacker with network access to the...
A vulnerability in the /log/mailrecvview.php file of the D-Link DAR-7000 router firmware allows an attacker to execute arbitrary SQL code.
The vulnerability in the /log/mailrecvview.php file of the D-Link DAR-7000 router firmware is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
SuperWebMailer SQL Injection Vulnerability
SuperWebMailer is web-based PHP newsletter software for newsletter recipient management and for sending HTML newsletters and birthday emails. A security vulnerability exists in SuperWebMailer version 9.00.0.01710, which originates from a SQL injection vulnerability in parameter size...
LangChain Injection Vulnerability
LangChain is a framework for building applications with LLMs through composability. LangChain 0.0.155 and prior versions are affected by an injection vulnerability that stems from the presence of a SQL injection vulnerability...
PT-2023-32257 · Netentsec · Netentsec Ns-Asg Application Security Gateway
Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue was found in the Netentsec NS-ASG Application Security Gateway, affecting an unknown part of the file /admin/list addr fwresource ip.php. This issue leads...
NocoDB SQL Injection Vulnerability
NocoDB is an open source Airtable replacement that turns any MySQL, PostgreSQL, SQL Server, SQLite or MariaDB database into a smart spreadsheet. A security vulnerability exists in NocoDB version 0.109.2. An attacker exploiting this vulnerability can query the underlying database...
QNAP Systems Video Station SQL Injection Vulnerability
QNAP Systems Video Station is a video management and playback application from QNAP Systems. A security vulnerability exists in QNAP Systems Video Station 5.7.0 2023/07/27 and prior versions that could allow an authenticated user to inject malicious code over the network...
Online Computer and Laptop Store SQL Injection Vulnerability
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Online Computer and Laptop Store version 1.0, which originates from a SQL injection vulnerability in the file products.php...
PT-2023-27750 · Qsige · Qsige
Name of the Vulnerable Software and Affected Versions: QSige, affected versions not specified Description: The QSige statistics are affected by a remote SQL injection vulnerability. The web application does not correctly filter input parameters, allowing SQL injections, Denial of Service (DoS), or...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image scaling. A security vulnerability exists in PrestaShop that stems from the incorrect neutralization of SQL parameters in the...