2823 matches found
PT-2023-15127 · Tuzicms · Tuzicms
Name of the Vulnerable Software and Affected Versions: Tuzicms version 2.0.6 Description: A SQL injection issue was found in the UserController.class.php component, located in AppManageController. Recommendations: For Tuzicms version 2.0.6, update to a newer version that contains a fix for this...
AlexRed contentmap SQL注入漏洞
contentmap is an application by AlexRed Personal Developer. AlexRed contentmap suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter contentid can lead to sql injection...
PT-2023-10002 · Unknown · Bricco Authenticator Plugin
Name of the Vulnerable Software and Affected Versions: Bricco Authenticator Plugin versions prior to 1.39 Description: A critical issue was found in the Bricco Authenticator Plugin, affecting the authenticate/compare function of the DBAuthenticator.java file. This issue leads to sql injection...
CVE-2022-4547
The Conditional Payment Methods for WooCommerce WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin...
pontifex.http SQL注入漏洞
pontifex.http is an application by Andrew Personal Developer. An SQL injection vulnerability exists in pontifex.http, which originates from unknown code in the file lib/Http.coffee and operates to cause SQL injection...
CVE-2022-46955
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savequeue...
CVE-2022-46471
Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consultingid parameter at /healthcare/Admin/consultingdetail.php...
PT-2023-10220 · Unknown · Dovgalyuk Aibattle
Name of the Vulnerable Software and Affected Versions: Dovgalyuk AIBattle affected versions not specified Description: A critical vulnerability has been found in Dovgalyuk AIBattle. The issue affects the sendComments function of the file site/procedures.php. The manipulation of the text argument...
PT-2023-15108 · Unknown · Helmet Store Showroom Site
Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom Site version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete brand" API endpoint. Recommendations: For...
PT-2023-16141 · Sourcecodester · Online Flight Booking Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Flight Booking Management System affected versions not specified Description: A critical issue has been discovered, affecting the file review search.php, specifically the POST Parameter Handler component. The manipulatio...
Lead Management System SQL注入漏洞
Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the userid parameter of changePassword.php. An attacker could use this...
pplv2 SQL注入漏洞
pplv2 is an application by Gokul Srinivas Personal Developer. A SQL injection vulnerability exists in pplv2. An attacker could exploit this vulnerability to perform a sql injection attack...
CVE-2022-46163
Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...
CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection
Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...
CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection
Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...
CVE-2022-46163
CVE-2022-46163 affects the Travel Support Program (openSUSE) – a Rails app that uses the Ransack search library. The default Ransack configuration can be abused via *_start, *_end, or *_cont matchers to perform character‑by‑character brute‑force and exfiltrate sensitive data (e.g., bank account n...
CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection
Travel support program is a rails app to support the travel support program of openSUSE TSP. Sensitive user data bank account details, password Hash can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...
CVE-2023-0016
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database...
PT-2023-14814 · Rails +3 · Rails +3
Name of the Vulnerable Software and Affected Versions: travel-support-program versions prior to the patched version Description: The travel-support-program, a rails app supporting the openSUSE travel support program, is affected by a Ransack query injection issue. This allows sensitive user data,...
PT-2023-10142 · Unknown · Cherishsin Klattr
Name of the Vulnerable Software and Affected Versions: CherishSin klattr affected versions not specified Description: A critical vulnerability has been found in CherishSin klattr, affecting an unknown part, which leads to sql injection. Recommendations: At the moment, there is no information abou...