2828 matches found

Positive Technologies
added 2023/07/31 12:00 a.m. · 5 views

PT-2023-24960 · Unknown · Wifi Soft Unibox Administration

Name of the Vulnerable Software and Affected Versions: Wifi Soft Unibox Administration versions 3.0 through 3.1 Description: The issue arises from the lack of validation or sanitization of user input in the username field of the login page, leading to SQL Injection. This allows attackers to injec...

CVSS 9.8 · AI score 9.2 · EPSS 0.02084
Exploits: 4 · References: 5

Positive Technologies
added 2023/07/28 12:00 a.m. · 2 views

PT-2023-27140 · Unknown · Cafe Billing System

Name of the Vulnerable Software and Affected Versions: Cafe Billing System version 1.0 Description: A critical issue was found in the Cafe Billing System, affecting an unknown functionality of the file index.php of the component Order Handler. The manipulation of the id argument leads to SQL...

CVSS 9.8 · AI score 8 · EPSS 0.00732
Exploits: 1 · References: 4

CNNVD
added 2023/07/25 12:00 a.m. · 2 views

Biltay Technology Scienta SQL injection vulnerability

Biltay Technology Scienta is a mobile application from Biltay Technology designed for enterprise management. Biltay Technology Scienta suffers from a SQL injection vulnerability that stems from not properly neutralizing special elements. An attacker can exploit this vulnerability to inject...

CVSS 9.8 · AI score 8.7 · EPSS 0.00519
Exploits: 0 · References: 2

CNNVD
added 2023/07/25 12:00 a.m. · 3 views

Campcodes Beauty Salon Management System SQL injection vulnerability

Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes. A SQL injection vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which originates from an unknown function in the file /admin/admin-profile.php that can lead to SQL injection...

CVSS 7.5 · AI score 6.8 · EPSS 0.00521
Exploits: 1 · References: 4

CNNVD
added 2023/07/21 12:00 a.m. · 4 views

Hospital Management System SQL injection vulnerability

Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A SQL injection vulnerability exists in Hospital Management System version 1.0, which stems from the presence of an unknown function i...

CVSS 9.8 · AI score 7 · EPSS 0.00634
Exploits: 1 · References: 4

OSV
added 2023/07/20 8:15 p.m. · 2 views

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

CVSS 9.8 · AI score 5.7 · EPSS 0.00418
Exploits: 0 · References: 2

OSV
added 2023/07/18 12:15 p.m. · 3 views

CVE-2023-3743

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the productoneimg parameter to retrieve the information stored in the database...

CVSS 7.5 · AI score 5.8 · EPSS 0.0057
Exploits: 0 · References: 1

CNNVD
added 2023/07/16 12:00 a.m. · 2 views

Bylancer QuickOrder SQL injection vulnerability

Bylancer QuickOrder is a WhatsApp food ordering plugin from Bylancer. A SQL injection vulnerability exists in Bylancer QuickOrder version 6.3.7, which stems from the presence of an unknown function in the blog in the component GET Parameter Handler, which leads to sql injection via parameter s. T...

CVSS 9.8 · AI score 7 · EPSS 0.00425
Exploits: 0 · References: 3

CNNVD
added 2023/07/16 12:00 a.m. · 3 views

Bylancer QuickJob SQL injection vulnerability

Bylancer QuickJob is an advanced Job Board PHP script from Bylancer. A SQL injection vulnerability exists in Bylancer QuickJob version 6.1, which stems from the presence of an unknown function in the component GET Parameter Handler, which leads to sql injection via the parameters keywords/gender...

CVSS 9.8 · AI score 7.2 · EPSS 0.00425
Exploits: 0 · References: 3

Cvelist
added 2023/07/14 8:17 p.m. · 24 views

CVE-2023-37472 Query injection in Knowage server

Knowage is an open source suite for business analytics. The application often uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...

CVSS 7.7 · AI score 7.9 · EPSS 0.00585
Exploits: 1 · References: 1

Vulnrichment
added 2023/07/14 8:17 p.m. · 9 views

CVE-2023-37472 Query injection in Knowage server

Knowage is an open source suite for business analytics. The application often uses user-supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint...

CVSS 7.7 · AI score 7.2 · EPSS 0.00585
Exploits: 1 · References: 1

CNNVD
added 2023/07/13 12:00 a.m. · 4 views

PrestaShop SQL injection vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image zoom. A SQL injection vulnerability exists in PrestaShop versions 3.1.10 through 3.3.8, which stems from a SQL...

CVSS 9.8 · AI score 9.1 · EPSS 0.00992
Exploits: 1 · References: 4

ATTACKERKB
added 2023/07/12 5:15 p.m. · 1 view

CVE-2023-37628

Online Piggery Management System 1.0 is vulnerable to SQL Injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.00785
Exploits: 2 · References: 3

CNNVD
added 2023/07/11 12:00 a.m. · 2 views

Best POS Management System SQL injection vulnerability

Best POS Management System is a POS management system by individual developer Mayuri K. A SQL injection vulnerability exists in Best POS Management System version 1.0, which stems from the parameter username in the file adminclass.php and can lead to SQL injection...

CVSS 9.8 · AI score 7.6 · EPSS 0.00711
Exploits: 1 · References: 4

Positive Technologies
added 2023/07/09 12:00 a.m. · 2 views

PT-2023-21773 · Softmed · Softmed Selfpatron

Name of the Vulnerable Software and Affected Versions: Softmed SelfPatron versions prior to 2.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: Fo...

CVSS 9.8 · AI score 9.6 · EPSS 0.00714
Exploits: 1 · References: 4

CNNVD
added 2023/06/29 12:00 a.m. · 2 views

DOOR Property Cloud Platform Management Center SQL injection vulnerability

DOOR Property Cloud Platform Management Center is a property cloud platform management center of China DOOR Corporation. A security vulnerability exists in DOOR Property Cloud Platform Management Center version 1.0, which originates from an SQL injection vulnerability...

CVSS 9.8 · AI score 8.7 · EPSS 0.0062
Exploits: 1 · References: 2

BDU FSTEC
added 2023/06/26 12:00 a.m. · 3 views

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input data during the generation of web pages, as well as the improper neutralization of special elements used in SQL commands. This allows attackers to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI application’s request and incident handling system lies in the insufficient cleaning of user data at the final inventory registration stage. A user who has not undergone identity verification can send specially created requests to the vulnerable application and execu...

CVSS 10 · AI score 6.9 · EPSS 0.00766
Exploits: 0 · References: 6 · Affected Software: 2

BDU FSTEC
added 2023/06/26 12:00 a.m. · 6 views

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...

CVSS 6.4 · AI score 6.5 · EPSS 0.00766
Exploits: 0 · References: 6 · Affected Software: 2

CNNVD
added 2023/06/23 12:00 a.m. · 2 views

WordPress plugin MStore API SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.5 · AI score 8 · EPSS 0.00473
Exploits: 0 · References: 2

CNNVD
added 2023/06/23 12:00 a.m. · 5 views

Webkul QloApps SQL injection vulnerability

Webkul QloApps is a free, open source hotel booking and online reservation system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a SQL injection vulnerability in the GET parameter. An attacker can exploit the vulnerability to bypass the authentication and...

CVSS 7.5 · AI score 7.6 · EPSS 0.02615
Exploits: 1 · References: 2