2790 matches found
Kelixun Communication Command and Dispatch Management Platform Security Vulnerability
Kelixun Communication Command and Dispatch Management Platform is a communication command and dispatch management platform from Kelixun, China. A security vulnerability exists in Kelixun Communication Command and Dispatch Management Platform version 7.6.6.439 and prior versions, which...
AMTT HiBOS Security Vulnerability
AMTT HiBOS is a hotel broadband operating system from AmTech Century AMTT, China. A security vulnerability exists in AMTT HiBOS version v3.0.3.151204, which originates from the presence of a SQL injection vulnerability...
PT-2024-37625 · Unknown · Hitout Carsale
Name of the Vulnerable Software and Affected Versions: Hitout Carsale version 1.0 Description: A critical issue has been discovered, affecting the OrderController.java file. The manipulation of the orderBy argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...
PT-2024-37575 · Bethesda · Bethesda Online Reservation System
Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0 Description: A critical issue has been found in the Bethesda Online Reservation System, affecting some unknown functionality of the file controller.php. The manipulation of the rmtype id argument...
PT-2024-6878 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon version 24.04.2 Description: A SQL injection vulnerability allows a remote high-privileged attacker to execute arbitrary SQL commands via create user form inputs. This issue is related to the lack of protection of the SQL query...
PT-2024-37459 · Sourcecodester · Sourcecodester Food Ordering Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Food Ordering Management System. The issue affects an unknown functionality of the file user-router.php. The...
CVE-2024-6043
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file adminclass.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploi...
Music Class Enrollment System SQL Injection Vulnerability
Music Class Enrollment System is a music class enrollment system by Carlo Montero, a personal developer. A SQL injection vulnerability exists in Music Class Enrollment System version 1.0, which stems from a manipulation of the parameter id that can lead to SQL injection...
PHP Event Calendar SQL Injection Vulnerability
PHP Event Calendar is an open source, multi-user modern event calendar based on AJAX. It is easy to integrate and fully customizable. A SQL injection vulnerability exists in PHP Event Calendar version 1.0, which stems from a security issue in the regConfirm/regDelete function of process.php, which...
Online Book Store SQL Injection Vulnerability
Online Book Store is an online bookstore by the individual developer Arvin Arandilla. The SQL injection vulnerability exists in itsourcecode Online Book Store version 1.0, which stems from admindelete.php containing unknown processing that leads to SQL injection via the parameter bookisbn...
PT-2024-37311 · Unknown · Itsourcecode Online Bookstore
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Book Store versions up to 1.0 Description: A critical issue was found in the itsourcecode Online Book Store, where an unknown function of the file /edit book.php is affected. The manipulation of the image argument leads to...
Online Bookstore SQL Injection Vulnerability
Online Book Store is an online bookstore by Arvin Arandilla, a personal developer. A SQL injection vulnerability exists in Online Bookstore version 1.0, which is caused by book.php containing an unknown function that causes SQL injection via the parameter bookisbn...
Guangdong Baolun Electronics IP Network Broadcasting Service Platform SQL Injection Vulnerability
Guangdong Baolun Electronics IP Network Broadcasting Service Platform is an electronic IP network broadcasting service platform of Guangdong Baolun Electronics, China. A SQL injection vulnerability exists in the Guangdong Baolun Electronics IP Network Broadcasting Service Platform version 2.0,...
PT-2024-29406 · WordPress · Search & Replace
Name of the Vulnerable Software and Affected Versions: Search & Replace WordPress plugin versions prior to 3.2.2 Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. This can be particularly...
CVE-2024-3549
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
PT-2024-4154 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6 Fortinet FortiPortal version 7.2.0 Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as SQL injection, in Fortinet...
WordPress plugin Visualizer SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2024-8590
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update; Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update Description: The issue is related to SQL injection in Ivanti Endpoint Manager, which allows a...
The vulnerability of the GetDBPatchProducts function in the endpoint management software Ivanti EPM 2022 SU5 allows a hacker to execute arbitrary code.
The vulnerability of the GetDBPatchProducts function in the Ivanti EPM 2022 SU5 endpoint management software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary co...
Ivanti EPM SQL Injection Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...