
2824 matches found

CNNVD
added 2023/06/16 12:0 a.m. · 3 views

Thinking Software Technology Efence SQL injection vulnerability

Thinking Software Technology Efence is a mobile device management solution from China-based Thinking Software Technology. A SQL injection vulnerability exists in Thinking Software Technology Efence due to a login function that does not validate user-entered parameters...

CVSS 9.8 · AI score 8.7 · EPSS 0.01026
Exploits: 0 · References: 2
GithubExploit
added 2023/06/08 7:37 a.m. · 11 views

Exploit for Cross-site Scripting in Dandulaney Dan'S_Embedder_For_Google_Calendar

CVE-2023-51504 This is a dockerized reproduction of the MotoCM...

CVSS 6.5 · AI score 8.3 · EPSS 0.00736
Exploits: 1
OSV
added 2023/06/07 2:15 a.m. · 2 views

CVE-2021-4340

The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listingid’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 · AI score 5.8 · EPSS 0.01185
Exploits: 1 · References: 2
ATTACKERKB
added 2023/06/02 8:15 p.m. · 2 views

CVE-2023-33762

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter...

CVSS 9.8 · AI score 7.3 · EPSS 0.0085
Exploits: 1 · References: 2
Positive Technologies
added 2023/05/31 12:0 a.m. · 4 views

PT-2023-12143 · Unknown · Fighting Cock Information System

Name of the Vulnerable Software and Affected Versions: Fighting Cock Information System version 1.0 Description: A SQL Injection issue allows a remote attacker to obtain sensitive information via the 'edit breed.php' parameter. Recommendations: For Fighting Cock Information System version 1.0,...

CVSS 7.5 · AI score 7.9 · EPSS 0.01094
Exploits: 1 · References: 5
CNNVD
added 2023/05/30 12:0 a.m. · 4 views

WordPress plugin Elementor Website Builder SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVSS 7.2 · AI score 7.1 · EPSS 0.19695
Exploits: 7 · References: 2
Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-24194 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00626
Exploits: 0 · References: 7
CNNVD
added 2023/05/28 12:0 a.m. · 3 views

WordPress plugin Portfolio Gallery SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 9.8 · AI score 7.2 · EPSS 0.00707
Exploits: 0 · References: 4
CNNVD
added 2023/05/26 12:0 a.m. · 2 views

Faculty Evaluation System SQL injection vulnerability

Faculty Evaluation System is a faculty evaluation system. A SQL injection vulnerability exists in Faculty Evaluation System, which can be exploited by an attacker to directly manipulate the database by constructing malicious query statements to obtain sensitive information or perform arbitrary...

CVSS 7.2 · AI score 7.7 · EPSS 0.03307
Exploits: 1 · References: 2
OSV
added 2023/05/15 1:15 p.m. · 3 views

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

CVSS 9.8 · AI score 7.4 · EPSS 0.04234
Exploits: 2 · References: 1
OSV
added 2023/05/12 8:15 a.m. · 3 views

CVE-2023-2669

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/viewcategory of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. I...

CVSS 9.8 · AI score 6.5 · EPSS 0.00819
Exploits: 1 · References: 3
CNNVD
added 2023/05/11 12:0 a.m. · 5 views

SourceCodester Online Exam System SQL injection vulnerability

Online Exam System is an online exam system by oretnom23 individual developers. SourceCodester Online Exam System version 1.0 suffers from a SQL injection vulnerability that originates from a problem in the file adminpanel/admin/faceboxmodal/updateCourse.php, where manipulation of the parameter i...

CVSS 9.8 · AI score 7.1 · EPSS 0.00726
Exploits: 1 · References: 4
CNNVD
added 2023/05/11 12:0 a.m. · 1 view

Medical System Medisys Weblab Products SQL injection vulnerability

Medical System Medisys Weblab Products is a client module for Medical System's LIS. It is a tool that allows laboratory clients to log in their own samples and subsequently view the results. A security vulnerability exists in Medical System Medisys Weblab Products version v19.4.03 that stems from...

CVSS 9.8 · AI score 8.6 · EPSS 0.01
Exploits: 0 · References: 4
CNNVD
added 2023/04/27 12:0 a.m. · 2 views

Pimcore SQL injection vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...

CVSS 8.8 · AI score 8.2 · EPSS 0.00791
Exploits: 0 · References: 4
Positive Technologies
added 2023/04/27 12:0 a.m. · 2 views

PT-2023-23003

Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 10.5.21 Description: The issue is related to a SQL injection vulnerability in the admin search find API. This vulnerability allows an attacker to interfere with the queries that the application makes to its database,...

CVSS 8.8 · AI score 7.6 · EPSS 0.0073
Exploits: 0 · References: 11
CNNVD
added 2023/04/24 12:0 a.m. · 1 view

PrestaShop SQL injection vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop version v.2.2.12 and prior versions. An attacker exploited the...

CVSS 9.8 · AI score 8.7 · EPSS 0.0116
Exploits: 1 · References: 3
OSV
added 2023/04/18 1:15 p.m. · 3 views

CVE-2023-2148

A vulnerability classified as critical has been found in Campcodes Online Thesis Archiving System 1.0. This affects an unknown part of the file /admin/curriculum/viewcurriculum.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 9.8 · AI score 6.5 · EPSS 0.00766
Exploits: 1 · References: 3
CNNVD
added 2023/04/18 12:0 a.m. · 3 views

Archery SQL injection vulnerability

Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...

CVSS 6.5 · AI score 6.7 · EPSS 0.00844
Exploits: 1 · References: 4
CNNVD
added 2023/04/18 12:0 a.m. · 3 views

Archery SQL injection vulnerability

Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...

CVSS 6.5 · AI score 6.7 · EPSS 0.00835
Exploits: 1 · References: 3
Positive Technologies
added 2023/04/18 12:0 a.m. · 3 views

PT-2023-22780 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the db name parameter value and the...

CVSS 6.5 · AI score 6.9 · EPSS 0.00835
Exploits: 1 · References: 5