
2820 matches found

CNNVD
added 2022/09/20 12:0 a.m. | 2 views

Aruba Networks ClearPass Policy Manager SQL injection vulnerability

Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager versions 6.10.x through 6.10.6 and 6.9.x through 6.9.11. An attacker could...

CVSS 8.8 | AI score 8.1 | EPSS 0.00865
Exploits: 0 | References: 2

ATTACKERKB
added 2022/09/19 4:15 p.m. | 2 views

CVE-2022-37203

JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...

CVSS 9.8 | AI score 7.4 | EPSS 0.01176
Exploits: 1 | References: 3

Positive Technologies
added 2022/09/19 12:0 a.m. | 3 views

PT-2022-24485 · Unknown · Smartvista Svfe2

Name of the Vulnerable Software and Affected Versions: SmartVista SVFE2 version 2.2.22. Description: A SQL injection issue was found in SmartVista SVFE2. The issue is related to the UserForm:j id88, UserForm:j id90, and UserForm:j id92 parameters at the "/SVFE2/pages/feegroups/country group.jsf"...

CVSS 8.8 | AI score 8.8 | EPSS 0.00745
Exploits: 0 | References: 4

CNNVD
added 2022/09/19 12:0 a.m. | 15 views

WordPress plugin NEX-Forms SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVSS 8.8 | AI score 8 | EPSS 0.1027
Exploits: 5 | References: 5

CNNVD
added 2022/09/16 12:0 a.m. | 3 views

TestLink SQL injection vulnerability

TestLink is a set of open source software for managing software testing process and providing statistical analysis by TestLink team. A SQL injection vulnerability exists in TestLink v1.9.20, which originates from a SQL injection contained in /lib/execute/execNavigator.php...

CVSS 7.2 | AI score 7.3 | EPSS 0.00931
Exploits: 1 | References: 3

OSV
added 2022/09/15 3:21 a.m. | 15 views

GHSA-WRRW-CRP8-979Q Pageflow vulnerable to sensitive user data extraction via Ransack query injection

Impact: The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...

AI score 7
Exploits: 0 | References: 3

CNNVD
added 2022/09/15 12:0 a.m. | 4 views

Church Management System SQL injection vulnerability

Church Management System is a church management system. A security vulnerability exists in Church Management System v1.0, which was discovered to contain a SQL injection vulnerability via the id parameter in /admin/edituser.php...

CVSS 7.2 | AI score 7.3 | EPSS 0.00726
Exploits: 1 | References: 2

OSV
added 2022/09/14 11:15 a.m. | 1 view

CVE-2022-37138

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form...

CVSS 9.8 | AI score 5.8 | EPSS 0.00926
Exploits: 2 | References: 2

CNNVD
added 2022/09/13 12:0 a.m. | 2 views

Microsoft Dynamics SQL injection vulnerability

Microsoft Dynamics is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A security vulnerability exists in Microsoft Dynamics. No details of the vulnerability...

CVSS 8.8 | AI score 6.7 | EPSS 0.02995
Exploits: 0 | References: 4

ATTACKERKB
added 2022/09/12 11:15 p.m. | 2 views

CVE-2022-38304

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manageleavetype.php...

CVSS 7.2 | AI score 5.8 | EPSS 0.00821
Exploits: 1 | References: 2

CNNVD
added 2022/09/12 12:0 a.m. | 1 view

InventoryManagementSystem SQL injection vulnerability

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A security vulnerability exists in InventoryManagementSystem version 1.0, which...

CVSS 7.5 | AI score 8 | EPSS 0.00764
Exploits: 1 | References: 4

CNNVD
added 2022/09/12 12:0 a.m. | 2 views

InventoryManagementSystem SQL injection vulnerability

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A security vulnerability exists in InventoryManagementSystem version 1.0, which...

CVSS 7.5 | AI score 8 | EPSS 0.00888
Exploits: 1 | References: 4

OSV
added 2022/09/09 7:15 p.m. | 2 views

CVE-2021-44835

An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.00929
Exploits: 1 | References: 2

Positive Technologies
added 2022/09/08 12:0 a.m. | 5 views

PT-2022-24316 · Unknown · Interview Management System

Name of the Vulnerable Software and Affected Versions: Interview Management System version 1.0. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/interview/editQuestion.php" API endpoint. Recommendations: For...

CVSS 7.2 | AI score 7.2 | EPSS 0.00804
Exploits: 1 | References: 4

CNNVD
added 2022/09/06 12:0 a.m. | 3 views

WordPress plugin JoomSport SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin JoomSport - for Sports: Te...

CVSS 7.2 | AI score 5.6 | EPSS 0.01105
Exploits: 0 | References: 5

CNNVD
added 2022/08/31 12:0 a.m. | 2 views

Doctor’s Appointment System SQL injection vulnerability

Doctor's Appointment System is a doctor's appointment system by Hashen Udara, an individual developer. Doctor's Appointment System version 1.0 suffers from a SQL injection vulnerability that originates from an attacker being able to achieve SQL injection via the ?id= parameter of its booking.php...

CVSS 9.8 | AI score 8 | EPSS 0.01728
Exploits: 3 | References: 5

ATTACKERKB
added 2022/08/30 9:15 p.m. | 4 views

CVE-2022-36732

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php...

CVSS 9.8 | AI score 5.9 | EPSS 0.0076
Exploits: 1 | References: 2

CNNVD
added 2022/08/29 12:0 a.m. | 3 views

Ingredients Stock Management System SQL injection vulnerability

Ingredients Stock Management System is an ingredient stock management system by Carlo Montero, an individual developer. Version 1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the month parameter of...

CVSS 8.8 | AI score 7.7 | EPSS 0.00834
Exploits: 1 | References: 2

CNNVD
added 2022/08/25 12:0 a.m. | 2 views

Tyler Odyssey trust management issue vulnerability

Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, USA. Tyler Odyssey suffers from a security vulnerability that stems from passing unencrypted bytes from an intermediary to a client. An intermediary attacker can inject an incorrect response to the...

CVSS 5.9 | AI score 7.7 | EPSS 0.01501
Exploits: 0 | References: 4

Positive Technologies
added 2022/08/25 12:0 a.m. | 2 views

PT-2022-23559 · Unknown · Ingredients Stock Management System

Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0. Description: A SQL injection issue was found in the id parameter at the /classes/Master.php?f=delete category endpoint. Recommendations: For Ingredients Stock Management System version 1.0, avoi...

CVSS 9.8 | AI score 9.5 | EPSS 0.00785
Exploits: 1 | References: 2