2820 matches found
CVE-2021-24550
The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving a URL to edit, leading to an authenticated SQL injection issue...
CVE-2021-35458
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...
CVE-2020-21806
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php...
ECTouch SQL injection vulnerability
ECTouch is an open source mobile mall system for creating an enterprise-exclusive mobile mall. A SQL injection vulnerability exists in ECTouch, which originates from the product's index.php page failing to filter special characters in input; an attacker can execute illegal...
WordPress SQL injection vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Woocommerce. The vulnerability stems from a lack o...
CVE-2021-26226
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edituser.php...
CASAP Automated Enrollment SQL injection vulnerability
CASAP Automated Enrollment is an automated enrollment system for the CASAP organization. The goal of this project is to provide CASAP with an automated enrollment system to streamline the school's processes and make them more effective, efficient and easily retrievable. SourceCodester Alumni...
Vulnerabilities fixed in Kaseya Virtual System Administrator (VSA)
Vulnerabilities have been fixed in Kaseya VSA. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Cross-Site Scripting (XSS), bypassing authentication, remote code execution, Administrator/Root rights, SQL injection, access to sensitive data...
Metinfo MetInfo SQL injection vulnerability
Metinfo MetInfo is a content management system (CMS) developed by China's Metinfo using PHP and MySQL. A SQL injection vulnerability exists in MetInfo because the product's admin/?n=language&c=languageweb&a=doAddLanguage does not securely validate user input data, and it can be exploited ...
CVE-2021-29730
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164...
Metinfo MetInfo SQL injection vulnerability
Metinfo is a content management system (CMS) developed using PHP and MySQL by China's Mito Metinfo. A SQL injection vulnerability exists in Metinfo 7.0, which can be exploited by attackers to access sensitive database information...
CVE-2020-4902
IBM Datacap Taskmaster Capture IBM Datacap Navigator 9.1.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...
PHPGurukul Hospital Management System SQL injection vulnerability
PHPGurukul Hospital Management System is a web application for hospitals to manage doctors and patients. A SQL injection vulnerability exists in \hms\change-emaild.php in PHPGurukul Hospital Management System version 4.0. An attacker can exploit this vulnerability to obtain sensitive information...
PT-2021-10735 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0. Description: The issue concerns a SQL injection vulnerability located in the hmsget doctor.php file. This vulnerability can be exploited by remote unauthenticated users to obtain sensitive...
ECShop SQL injection vulnerability
ECShop is a professional e-commerce mall system. A SQL injection vulnerability exists in ECShop version 3.0. An attacker can exploit this vulnerability by using the aid parameter of admin/affiliateck.php to conduct SQL injection attacks...
CVE-2021-33668
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application...
CVE-2020-25362
The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases...
WordPress plugin SQL injection vulnerability
WordPress Plugin is an open source application plugin for WordPress. WP Statistics suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information about a database...
PT-2021-3413
Name of the Vulnerable Software and Affected Versions: Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin versions prior to 5.153.4. Description: The issue is related to the update log function in the lib/Cleantalk/ApbctWP/Firewall/SFW.php module, which does not properly protect the S...
CVE-2020-27232
An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...