2823 matches found

CNNVD
added 2023/03/15 12:0 a.m. · 3 views

Simple Customer Relationship Management SQL Injection Vulnerability

Simple Customer Relationship Management (Simple CRM) is a simple customer relationship management system by individual developer Carlo Montero. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the address...

CVSS 8.8 · AI score 8.2 · EPSS 0.01049
Exploits: 1 · References: 4

Positive Technologies
added 2023/03/14 12:0 a.m. · 5 views

PT-2023-20196 · Sap · Sap Aba

Name of the Vulnerable Software and Affected Versions: SAP ABAP versions 751, 753, 754, 756, 757, 791

Description: The issue is caused by insufficient input sanitization, allowing an authenticated high privileged user to alter the current session of the user by injecting malicious database querie...

CVSS 6.8 · AI score 4.9 · EPSS 0.00546
Exploits: 0 · References: 5

CNNVD
added 2023/03/10 12:0 a.m. · 4 views

Saysis Starcities SQL Injection Vulnerability

Saysis Starcities is an application from Saysis, Inc. A security vulnerability exists in Saysis Starcities that stems from improper handling of user input before it is concatenated into SQL statements, which could lead to an SQL injection vulnerability...

CVSS 9.8 · AI score 8.6 · EPSS 0.00658
Exploits: 0 · References: 2

Positive Technologies
added 2023/03/10 12:0 a.m. · 4 views

PT-2023-16893 · Lmxcms · Lmxcms

Name of the Vulnerable Software and Affected Versions: lmxcms version 1.41

Description: A critical issue has been found in the function update of the file AcquisiAction.class.php. The manipulation of the argument id with specific input leads to SQL injection. The attack can be launched remotely...

CVSS 9.8 · AI score 8.4 · EPSS 0.00492
Exploits: 0 · References: 4

OSV
added 2023/03/09 8:15 a.m. · 2 views

CVE-2023-1251

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03...

CVSS 9.8 · AI score 5.8 · EPSS 0.0062
Exploits: 0 · References: 1

CNNVD
added 2023/03/09 12:0 a.m. · 4 views

Best POS Management System SQL Injection Vulnerability

Best POS Management System is a POS management system by individual developer Mayuri K. A security vulnerability exists in Best POS Management System version 1.0, which stems from a SQL injection vulnerability via the id parameter in /billing/home.php...

CVSS 9.8 · AI score 8.6 · EPSS 0.00788
Exploits: 1 · References: 3

CNNVD
added 2023/03/05 12:0 a.m. · 2 views

iGamingModules flashgames SQL Injection Vulnerability

Flashgames is an open source Xoops module from iGaming Modules. It is used to support Flash game applications. A SQL injection vulnerability exists in iGamingModules flashgames version 1.1.0, which stems from the fact that manipulation of the parameter lid can lead to SQL injection...

CVSS 9.8 · AI score 7 · EPSS 0.00659
Exploits: 0 · References: 4

CNNVD
added 2023/02/27 12:0 a.m. · 2 views

WordPress Plugin Correos Oficial SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 7.5 · AI score 7.8 · EPSS 0.00849
Exploits: 2 · References: 2

CNNVD
added 2023/02/25 12:0 a.m. · 2 views

ZoneMinder SQL Injection Vulnerability

ZoneMinder is an open source video surveillance software system. The system supports IP, USB, and analog cameras, among others. A security vulnerability exists in ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 that stems from the presence of a SQL injection vulnerability, which can be...

CVSS 9.6 · AI score 8.8 · EPSS 0.01579
Exploits: 1 · References: 2

Positive Technologies
added 2023/02/24 12:0 a.m. · 4 views

PT-2023-20436 · Gentoo · Soko

Name of the Vulnerable Software and Affected Versions: Gentoo soko versions prior to 1.0.1

Description: The issue allows for SQL Injection, leading to a Denial of Service. When the "Recently Visited Packages" view is selected, the search history cookie value is used in SQL queries without proper...

CVSS 9.1 · AI score 9.1 · EPSS 0.00624
Exploits: 0 · References: 4

OSV
added 2023/02/18 8:15 a.m. · 4 views

CVE-2023-0903

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument taskid leads to SQL injection. The attack can be initiated remotely. The complexit...

CVSS 8.8 · AI score 5.6 · EPSS 0.0073
Exploits: 5 · References: 3

CNNVD
added 2023/02/17 12:0 a.m. · 2 views

OIC Exponent CMS SQL Injection Vulnerability

OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions. An SQL injection vulnerability exists in OIC Exponent CMS...

CVSS 7.5 · AI score 7.4 · EPSS 0.00595
Exploits: 0 · References: 3

CNNVD
added 2023/02/17 12:0 a.m. · 3 views

Intern Record System SQL Injection Vulnerability

Intern Record System is an intern record system from the individual developers at Codeprojects. A security vulnerability exists in Intern Record System version 1.0. An attacker can exploit this vulnerability to execute arbitrary code and obtain sensitive information...

CVSS 9.8 · AI score 8.9 · EPSS 0.05348
Exploits: 5 · References: 7

SUSE CVE
added 2023/02/15 5:42 a.m. · 4 views

SUSE CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

CVSS 7.5 · AI score 6.6 · EPSS 0.13911
Exploits: 0 · References: 13

SUSE CVE
added 2023/02/15 4:30 a.m. · 2 views

SUSE CVE-2018-7033

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD...

CVSS 4.4 · AI score 8.1 · EPSS 0.02077
Exploits: 0 · References: 8

SUSE CVE
added 2023/02/15 3:45 a.m. · 2 views

SUSE CVE-2021-23222

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

CVSS 3.7 · AI score 8.3 · EPSS 0.01501
Exploits: 0 · References: 20

SUSE CVE
added 2023/02/15 3:42 a.m. · 2 views

SUSE CVE-2021-30459

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...

CVSS 9.8 · AI score 9.8 · EPSS 0.01925
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 3:28 a.m. · 4 views

SUSE CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...

CVSS 8.1 · AI score 8.4 · EPSS 0.67466
Exploits: 1 · References: 15

Positive Technologies
added 2023/02/10 12:0 a.m. · 3 views

PT-2023-10256 · Webbuilders · Silverstripe-Kapost-Bridge

Name of the Vulnerable Software and Affected Versions: webbuilders-group silverstripe-kapost-bridge version 0.3.3

Description: A critical issue has been found, affecting the index/getPreview function of the file code/control/KapostService.php. This issue leads to sql injection and can be launched...

CVSS 9.8 · AI score 6.8 · EPSS 0.00667
Exploits: 0 · References: 10

CNNVD
added 2023/02/03 12:0 a.m. · 2 views

PbootCMS SQL Injection Vulnerability

PbootCMS is an open source content management system (CMS) for building enterprise websites, written in PHP and developed by PbootCMS individual developers. A security vulnerability exists in PbootCMS version 3.0.5. An attacker can exploit the vulnerability to execute arbitrary SQL commands via a specially craft...

CVSS 9.8 · AI score 8 · EPSS 0.01257
Exploits: 1 · References: 3