2793 matches found
WordPress plugin WP Simple Pay Lite Manager SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
Online Nurse Hiring System security vulnerability
PHPGurukul Online Nurse Hiring System is an online nurse hiring system from PHPGurukul. A security vulnerability exists in Online Nurse Hiring System version v1.0, which stems from an SQL injection vulnerability found in the component /admin/profile.php via the fullname parameter...
WordPress Service plugin <= 1.0.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Service versions <= 1.0.4...
WordPress Share Buttons – Social Media plugin <= 1.0.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Share Buttons – Social Media versions <= 1.0.2...
CVE-2024-54811
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter...
Code-Projects Online Class and Exam Scheduling System security vulnerability
Code-Projects Online Class and Exam Scheduling System is an online class and exam scheduling system from Code-Projects, Inc. A security vulnerability exists in Code-Projects Online Class and Exam Scheduling System version 1.0, which stems from a parameter id in the file /pages/subjectupdate.php...
Image Access Scan2Net security vulnerability
Image Access Scan2Net is a scanning software from Image Access Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which originates from an authenticated attacker who can perform SQL injection by accessing the...
Dell Avamar SQL injection vulnerability
Dell Avamar is a purpose-built backup application from Dell, Inc. It is designed to provide a conveniently sized, turnkey, affordable, deduplicated backup solution. Dell Avamar suffers from a SQL injection vulnerability that arises from an improper neutralization of special elements used in SQL...
Ivanti CSA security vulnerability
Ivanti CSA is a locally deployed virtual appliance from Ivanti that is designed to simplify the integration of IT service management with cloud services and support automated processes to improve operational efficiency. Ivanti CSA suffers from a SQL injection vulnerability that can be exploited b...
VulnCheck KEV: CVE-2024-35286
A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...
CVE-2024-54928
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/deleteteacher.php,...
CVE-2022-38947
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in producttitle parameter, allows attackers to execute arbitrary code...
Kashipara E-learning Management System security vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit the vulnerability to access the database by executing arbitrary SQL commands via the username, firstname,...
Apache Superset SQL injection vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An SQL injection vulnerability exists in Apache Superset versions prior to 4.1.0, which stems from improper neutralization of special elements in SQL commands, where specific engine functions are...
WordPress Beautiful Taxonomy Filters plugin <= 2.4.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Frissi0n in WordPress Plugin Beautiful Taxonomy Filters versions <= 2.4.3...
PYSEC-2024-157
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...
QNAP Systems SMB security vulnerability
QNAP Systems SMB is a network file sharing protocol from China-based QNAP Systems. A security vulnerability exists in QNAP Systems SMB that stems from the inclusion of a SQL injection vulnerability...
The vulnerability of the module for creating multifunctional library portals “J-IRBIS 2.0” of the SAB IRBIS platform allows a hacker to execute arbitrary SQL code.
The vulnerability of the module for creating multifunctional library portals “J-IRBIS 2.0” of the SAB IRBIS platform is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by sending a...
1000 Projects Library Management System security vulnerability
1000 Projects Library Management System is an open source library management system from 1000 Projects. A security vulnerability exists in 1000 Projects Library Management System version 1.0 due to a SQL injection in parameter q. The vulnerability is caused by the presence of a parameter q in the...
UBUNTU-CVE-2024-53908
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...