Stock Management System SQL Injection Vulnerability
Sourcecodester Stock Management System is an inventory management system. A security vulnerability exists in Stock Management System, which is caused by an incorrect manipulation of the parameter user/password leading to SQL injection...
PT-2022-27113 · Boa · Boa
Name of the Vulnerable Software and Affected Versions: Boa version 0.94.14rc21 Description: The issue concerns SQL Injection via the username variable. However, it is noted that this vulnerability is disputed by multiple third parties because Boa does not ship with any support for SQL...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the id parameter of its adminpostcomments.php component allowing an attacker to implement SQL injection resulting in access to database information. No detailed...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the postcategoryid parameter of its adminincludeseditpost.php component allowing an attacker to implement SQL injection resulting in access to database information. No...
PT-2022-26793 · Unknown · Billing System Project
Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the orderId parameter at the "fetchOrderData.php" endpoint. Recommendations: For Billing System...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a security vulnerability that stems from the pid parameter of its post.php component that allows an attacker to implement a SQL injection resulting in access to database information...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS Inc. in the United States. AeroCMS version v0.0.1 suffers from a security vulnerability that stems from the Category parameter of its category.php component that allows an attacker to implement SQL injection resulting in access to database...
CVE-2022-39180
College Management System v1.0 - SQL Injection SQLi. By inserting SQL commands to the username and password fields in the login.php page...
Automotive Shop Management System SQL Injection Vulnerability
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that originates from /asms/admin/?page=user/manageuser&id=Lack of validation of externally entered...
PT-2022-26951 · Delta Electronics · Delta Electronics Diaenergie
Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie versions prior to v1.9.02.001 Description: The issue allows an attacker to inject SQL queries via the network. This is related to SQL Injection in HandlerTag KID.ashx. Recommendations: For versions prior to...
College Management System SQL Injection Vulnerability
College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to college. College Management System v1.0 suffers from a SQL injection vulnerability that can be exploited to insert SQL commands...
BACKCLICK SQL Injection Vulnerability
BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A SQL injection vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from insufficient user-supplied input escaping, and can be...
PT-2022-26816 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: A SQL injection issue was found in the Human Resource Management System. The vulnerability can be exploited via the password parameter at the "/hrm/controller/login.php" API endpoint...
s::can moni::tools SQL Injection Vulnerability
s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers and parameters. A SQL injection vulnerability exists in versions of s::can moni::tools prior to 4.2, which originates from an authenticated attacker being able to gain full...
LimeSurvey SQL Injection Vulnerability
LimeSurvey formerly known as PHPSurveyor is a set of open source online questionnaire survey program by Limesurvey team, which supports survey program development, questionnaire publishing and data collection. A SQL injection vulnerability exists in LimeSurvey v5.4.4, which stems from the discove...
HHIMS SQL Injection Vulnerability
HHIMS is a free, open source software system from the individual developers at TSRuban. It is used to store and retrieve simple patient medical records. HHIMS suffers from a SQL injection vulnerability that originates from an unknown function in the scenegraph/svgattributes.c file of the SVG Pars...
Online Diagnostic Lab Management System SQL Injection Vulnerability
Online Diagnostic Lab Management System is an online diagnostic lab management system. A security vulnerability exists in Online Diagnostic Lab Management System v1.0, which was discovered to contain an SQL injection vulnerability via the id parameter on /odlms//classes/Master.php?f=deleteactivit...
CVE-2022-41258
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited...
CVE-2022-3481
The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...
Sanitization Management System SQL Injection Vulnerability
Sanitization Management System is a sanitization management system by the individual developer Carlo Montero. A security vulnerability exists in Sanitization Management System v1.0, which stems from the id parameter of its /php-sms/classes/Master.php?f=deleteinquiry component that allows an attacker to...