2787 matches found
E-Commerce Website SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. A SQL injection vulnerability exists in E-Commerce Website version 1.0, which stems from the presence of SQL injection...
Osclass Security Vulnerabilities
Osclass is an open source content management system (CMS) based on PHP and MySQL for creating and managing classified ads websites. A security vulnerability exists in Osclass version 5.1.2, which stems from vulnerability to SQL injection attacks...
WordPress Plugin MoveTo SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin MoveTo suffers from a SQL...
PT-2024-21193 · Miniorange · Miniorange Malware Scanner
Name of the Vulnerable Software and Affected Versions: miniorange Malware Scanner versions through 4.7.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation by injecting...
PT-2024-18104 · WordPress · Wp Ecommerce
Name of the Vulnerable Software and Affected Versions: WP eCommerce plugin for WordPress versions up to, and including, 3.15.1 Description: The issue is related to time-based blind SQL Injection via the cart contents parameter due to insufficient escaping on the user-supplied parameter and lack o...
CVE-2024-24095
Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A SQL injection vulnerability exists in Free and Open Source Inventory Management System version 1.0, which stems from an incorrect operation of the parameter customer that can lead to an SQL injectio...
Simple Student Attendance System SQL Injection Vulnerability
Simple Student Attendance System is a simple student attendance system. A SQL injection vulnerability exists in Simple Student Attendance System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to SQL injection...
Nagios XI SQL Injection Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. Nagios XI version 2024R1.01 suffers from a SQL injection vulnerability that originates from allowing remot...
PT-2024-18303 · Limbas · Limbas
Name of the Vulnerable Software and Affected Versions: Limbas version 5.2.14 Description: A vulnerability was found in an unknown functionality of the file main admin.php. The manipulation of the tab group argument leads to sql injection. The complexity of an attack is rather high, and the...
PT-2024-18116 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: ECshop version 4.1.8 Description: A critical issue has been found in ECshop, affecting some unknown functionality of the file /admin/view sendlist.php. This issue leads to sql injection and can be exploited remotely. The exploit has been...
Dell EMC Secure Connect Gateway SQL Injection Vulnerability
The Dell Secure Connect Gateway Application is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway Application suffers from a SQL injection vulnerability that can be exploited by an attacker to inject malicious content into the filters of the Collection Rest API, resulti...
PT-2024-20820 · Unknown · Simple Expense Tracker
Name of the Vulnerable Software and Affected Versions: Simple Expense Tracker version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the expense parameter at the "/endpoint/delete expense.php" API endpoint. Recommendations: For Simp...
Cinema Seat Reservation System SQL Injection Vulnerability
Cinema Seat Reservation System is a Code-projects open source movie theater seat reservation system. Cinema Seat Reservation System version 1.0 has a SQL injection vulnerability, which stems from allowing SQL injection via the id parameter in Cinema-Reservation/booking.php...
Daily Habit Tracker SQL Injection Vulnerability
Daily Habit Tracker is a daily habit tracker by the individual developer rems. Daily Habit Tracker version v.1.0 suffers from a SQL injection vulnerability that allows remote attackers to execute arbitrary code via a crafted GET request...
Novel-Plus Security Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v4.3.0-RC1 and earlier versions. An attacker can exploit the vulnerability to pass specially crafted offset, limit, and sort parameters to perform a SQL injectio...
PT-2024-20227 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue allows an attacker to construct a malicious payload to bypass the protection mechanism of jshERP via the com.jsh.erp.controller.DepotHeadController and the findallocationDetail function of...
PT-2024-16405 · Unknown · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player version 2.5.25 Description: The issue is an unauthenticated SQL injection vulnerability. It affects the id parameter in the get view function. Recommendations: For version 2.5.25, update to version 2.5.25 or later to resolv...
PYSEC-2024-12
LlamaIndex aka llamaindex through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Dro...
ForU CMS SQL Injection Vulnerability
ForU CMS is an open source website building system from ForU. ForU CMS 2020-06-23 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database data...