2793 matches found
CVE-2024-46905
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account...
PT-2024-17399 · Unknown · Code-Projects Farmacia
Name of the Vulnerable Software and Affected Versions: code-projects Farmacia version 1.0 Description: A critical issue was found in the /visualizar-produto.php file, affecting an unknown part of it. The manipulation of the id argument leads to SQL injection. It is possible to initiate the attack...
PHPGurukul Complaint Management System Injection Vulnerability
PHPGurukul Complaint Management System is a complaint management system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Complaint Management System, which originates in the /admin/reset-password.php file, where the parameter email is subject to SQL injection...
PHPGurukul Complaint Management System Injection Vulnerability
PHPGurukul Complaint Management System is a complaint management system from PHPGurukul. An injection vulnerability exists in PHPGurukul Complaint Management System version 1.0, which stems from the parameter emailid in the file /user/index.php that can cause SQL injection...
WordPress plugin Distance Based Shipping Calculator SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
CVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
Teknogis Informatics Closed Circuit Vehicle Tracking Software SQL Injection Vulnerability
Teknogis Informatics Closed Circuit Vehicle Tracking Software is a closed circuit vehicle tracking software from Teknogis Informatics. Teknogis Informatics Closed Circuit Vehicle Tracking Software version 21.11.2024 and prior versions suffer from a SQL injection vulnerability that stems from...
WordPress plugin Post Ideas Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
SourceCodester Sentiment Based Movie Rating System Security Vulnerability
SourceCodester Sentiment Based Movie Rating System is an open source movie rating system from SourceCodester. A security vulnerability exists in SourceCodester Sentiment Based Movie Rating System version 1.0, which stems from vulnerability to SQL injection attacks...
Weaver e-cology Security Vulnerability
Weaver e-cology is a collaborative management application platform from China's Weaver. A security vulnerability exists in Weaver e-cology v9, which is prone to SQL injection attacks...
CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
PT-2024-16852 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A critical issue affects some unknown functionality of the file /admin/ad list.php?action=pass of the component Keyword Filtering. The manipulation of the keyword argument leads to SQL injection. The attack may...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-18160)
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. A SQL injection vulnerability exists in Ivanti Endpoint Manager. An attacker could exploit this vulnerability to remotely execute code...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which is caused by SQL injection of the parameters username and password...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in KASHIPARA E-learning Management System Project version 1.0, which originates from SQL injection of the parameters username and password...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which is caused by an SQL injection in the parameter classname...
baltic-it TOPqw Webportal Security Vulnerability
baltic-it TOPqw Webportal is a web application developed by a social service provider of the German company baltic-it. It can be used to publicly view information about various facilities. A security vulnerability exists in baltic-it TOPqw Webportal version 1.35.287.1, which stems from a SQL...
Ivanti Endpoint Manager SQL Injection Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. A SQL injection vulnerability exists in Ivanti Endpoint Manager. An attacker could exploit this vulnerability to remotely execute code...
1000 Projects Beauty Parlour Management System Injection Vulnerability
1000 Projects Beauty Parlour Management System is an open source beauty parlor management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Beauty Parlour Management System version 1.0, which stems from an incorrect manipulation of the parameter name that can lead to S...
PT-2024-30573 · Unknown · Decidim Awesome-Module
Name of the Vulnerable Software and Affected Versions: decidim awesome-module versions 0.9.0 through 0.11.1 Description: An improper neutralization of special elements used in an SQL command in the papertrail/version-model of the decidim awesome-module allows an authenticated admin user to...