2820 matches found
CVE-2022-24124
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations...
CVE-2022-22294
A SQL injection vulnerability exists in ZFAKA=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account...
CSZ CMS SQL injection vulnerability
CSZ CMS is a PHP-based open-source content management system (CMS). A SQL injection vulnerability exists in CSZ CMS 1.2.9, which can be exploited by attackers via cszcms/controllers/Member.php...
MartDevelopers Iresturant SQL injection vulnerability
MartDevelopers Iresturant is an open source lightweight restaurant ERP from MartDevelopers Kenya, used to integrate social restaurant operations into one system. MartDevelopers iResturant 1.0 is vulnerable to a SQL injection vulnerability that stems from adding email and phone parameter values ar...
Taocms SQL injection vulnerability
Taocms is a micro content management system (CMS) from China. A SQL injection vulnerability exists in Taocms v3.0.2; it stems from a lack of effective filtering and escaping of SQL statements in taocmsincludeModelArticle.php. An attacker can exploit this vulnerability to execute...
CVE-2021-45406
In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report. Upon successfully discovering the login admin password hash, it can be decrypted to obtain the plain-text password...
CVE-2022-22055
The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service...
SalonErp SQL injection vulnerability
SalonErp is salon management software by individual developer Thomas Sparber. A SQL injection vulnerability exists in SalonERP 3.0.1. The vulnerability allows an attacker to inject payloads using sql parameters in SQL queries when generating reports. After successfully discovering the login...
CVE-2020-28679
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request...
DEBIAN-CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WPQuery, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress...
CVE-2021-25030
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL...
CVE-2021-43157
Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cartremove.php...
Projectworlds Hospital Management System SQL injection vulnerability
Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. Version 1.0 of Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to compromise the database system and in some cases use this vulnerability t...
WordPress plugin SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Ni WooCommerce Custom Order Status plugin, which stems fro...
WordPress SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. Modern Events Calendar Lite Plugin is a WordPress open source application plugin. WordPress Modern Events Calendar Lite...
PayPal Free Source Code SQL injection vulnerability
PayPal Free Source Code is an online registration management system. A security vulnerability exists in PayPal Free Source Code 1.0 online registration management system, which allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter...
Esri Arcgis Server SQL injection vulnerability
Esri Arcgis Server is a Web-oriented, enterprise-class software platform that can be used to provide geolocation services from Esri, Inc. Esri ArcGIS Server suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based...
Aanderaa GeoView SQL injection vulnerability
Aanderaa GeoView is a web-based solution for displaying environmental data. Aanderaa GeoView suffers from a SQL injection vulnerability that can be exploited by an attacker to manipulate the database server...
Sophos SG UTM SQL injection vulnerability
Sophos SG UTM is a security gateway from Sophos UK. The product is used to protect computer nodes on a local area network. A security vulnerability exists in the user portal prior to SG UTM version 9.708 MR8, through which an authenticated user may be able to execute code...
WordPress plugin SQL injection vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL injection vulnerability that stems from the hmwp get user ip function attempting to retrieve an ip address from multiple headers, including ip address headers that the user can spoof, such...