2786 matches found
CVE-2023-0964
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/viewproduct.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The...
Sequelize SQL injection vulnerability
Sequelize is a database ORM (Object Relational Mapping) tool for Node.js. A security vulnerability exists in Sequelize versions prior to 6.19.1, which stems from an SQL injection vulnerability due to not properly escaping parameters...
CVE-2023-26093
Liima before 1.17.28 allows Hibernate Query Language (HQL) injection, related to colToSort in the deployment filter...
PT-2023-10008 · Oclc · Oclc-Research Oaicat
Name of the Vulnerable Software and Affected Versions: OCLC-Research OAICat version 1.5.61 Description: A critical issue affects some unknown processing, leading to SQL injection. The attack may be initiated remotely. Recommendations: For OCLC-Research OAICat version 1.5.61, upgrade to version...
CVE-2023-0883
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php-opos/index.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has...
Canteen Management System SQL injection vulnerability
Canteen Management System is a cafeteria management system by individual developer Mayuri K. A security vulnerability exists in Canteen Management System version 1.0, which stems from an SQL injection vulnerability...
SUSE CVE-2008-1149
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies...
SUSE CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
PT-2023-13661 · Ehoney · Ehoney
Name of the Vulnerable Software and Affected Versions: Ehoney version 2.0.0 Description: The issue allows attackers to execute arbitrary code due to a SQL Injection vulnerability in models/protocol.go and models/images.go. Recommendations: For Ehoney version 2.0.0, consider restricting access to...
ownCloud SQL injection vulnerability
ownCloud is a set of personal cloud storage solutions from the US-based company ownCloud. A security vulnerability exists in ownCloud Android version 2.21.1. An attacker exploited the vulnerability to disclose sensitive information...
PT-2023-2060 · Apache · Apache Fineract
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions 1.4 through 1.8.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This could allow authorized users to change or add data ...
Gimmie vBulletin SQL injection vulnerability
Gimmie vBulletin is an open source forum plugin from Gimmie. Gimmie vBulletin version 1.2.2 has an SQL injection vulnerability, which stems from unknown handling problems in the file triggerreferral.php; manipulation of the parameter referrername leads to SQL injection...
jocms SQL injection vulnerability
jocms is a simple, easy-to-edit CMS by the individual developer mxgbr. A security vulnerability exists in jocms version 0.8, which is caused by SQL injection, and can be exploited by remote attackers to run arbitrary SQL commands and view sensitive information via the jodeletemask function in...
Easyone CRM SQL injection vulnerability
Easyone CRM is a customer relationship management system from Easyone. Manage your business relationships and access your data, from sales to marketing, wherever you are, directly from your management. A security vulnerability exists in Easyone CRM version v5.50.02, which stems from a SQL injecti...
Forget Heart Message Box SQL injection vulnerability
Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...
Bangresto SQL injection vulnerability
Bangresto is a restaurant source code POS by the individual developer Mesin Kasir. A security vulnerability exists in Bangresto version 1.0 that stems from the presence of SQL injection via the itemID parameter...
CVE-2020-21152
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction...
CVE-2023-20010
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...
Mangboard SQL injection vulnerability
Mangboard is an e-commerce website of the South Korean company Mangboard. A SQL injection vulnerability exists in Mangboard versions prior to 2.0.4. The vulnerability stems from an unchecked input value, which is an SQL injection vulnerability that can be exploited by an attacker to execute...
Hospital Management System SQL injection vulnerability
Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A SQL injection vulnerability exists in Hospital Management System. An attacker could exploit this vulnerability to execute arbitrary...