Roundcube Webmail SQL Injection Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A SQL injection vulnerability exists in Roundcube Webmail, which can be exploited to perform SQL injection via "search" or "searchparams". The followin...
CVE-2021-24772
The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...
USN-5145-1 postgresql-10, postgresql-12, postgresql-13 vulnerabilities
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...
CVE-2020-22223
Stivasoft Phpjabbers Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function...
CVE-2021-26609
A vulnerability was found in the Mangboard WordPress plugin. A SQL injection vulnerability was found in the ordertype parameter. The ordertype parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information...
Online Student Admission System SQL Injection Vulnerability
Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A security vulnerability exists in Online Student Admission System version 1.0, which stems from the software's lack of effective restrictions...
PT-2021-23558 · Sqlite Consortium +2 · Sqlite +2
Name of the Vulnerable Software and Affected Versions: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite affected versions not specified Description: The issue concerns a remote SQL injection bypass authentication vulnerability for the admin account. The username parameter fr...
ZZCMS SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 is vulnerable to a SQL injection vulnerability that originates from a missing validation of external input SQL statements in the dlid parameter on the application's /dl/dlprint.php page. An attacker could use...
ZZCMS SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 is vulnerable to SQL injection, which stems from the lack of effective filtering and escaping of SQL statements in the subzs.php component. An attacker could use this vulnerability to execute illegal SQL...
IBM Sterling B2B Integrator SQL Injection Vulnerability
IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. IBM Sterling B2B Integrator versions 6.0.0.0-6.0.3.4, 6.1.0.0-6.1.0.3 are vulnerable to SQL injection. An attacker could exploit the vulnerability by...
POC-EXP
It is an offensive tool for vulnerability exploitation. The repository contains a collection of exploits and proof-of-concept (PoC) code for various vulnerabilities. No specific CVE or GHSA IDs are mentioned, but the repository is likely focused on demonstrating exploitation techniques rather than...
CVE-2020-20692
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $GET parameter in /src/core/controllers/cm.php...
OS4Ed OpenSIS SQL Injection Vulnerability
openSIS is a free and open source student information system/school management software. openSIS version 8.0 has a SQL injection vulnerability in the cpidmissattn parameter in TakeAttendance.php. An attacker can exploit this vulnerability to inject SQL queries...
SAP Business One SQL Injection Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 has a SQL injection vulnerability that stems from the lack of effective validation and escaping of SQL statements, which can be exploited by an attacker with business privileges...
S-CMS SQL Injection Vulnerability
S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. A SQL injection vulnerability exists in the 4.edu.phpconnfunction.php component of S-CMS version 1.0. An attacker can use this vulnerability to access sensitive...
CVE-2021-38390
A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter egyid before using it as part of an SQL query...
YouDianCMS SQL Injection Vulnerability
YouDianCMS is a web CMS. Version 8.0 of YouDianCMS is vulnerable to SQL injection, which stems from a lack of search keyword filtering in the search bar and can be exploited to obtain sensitive database information...
Delta Electronics DIAEnergie SQL Injection Vulnerability
A SQL blind injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter agid before using the value as part of a S...
Delta Electronics DIAEnergie SQL Injection Vulnerability
A SQL blind injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter egyid before using the value as part of a...
thinkphp-zcms SQL Injection Vulnerability
thinkphp-zcms is an open source CMS developed on thinkphp3.2, with fairly comprehensive features. thinkphp-zcms has a SQL injection vulnerability; an attacker can use the vulnerability through index.php?m=home&c=message&a=add to execute arbitrary SQL commands...