Online Tours & Travels Management System SQL注入漏洞

Online Tours & Travels Management System is an online travel management system developed by Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which originates from /admin/update The id parameter of traveller.php lacks validation for external input SQ...

Online Tours & Travels Management System SQL注入漏洞

Online Tours ＆ Travels Management System is an online travel management system by Mayuri K Personal Developer. A SQL injection vulnerability exists in Online Tours & Travels Management System version v1.0 due to a lack of validation of externally-entered SQL statements in the id parameter of its...

Online Tours & Travels Management System SQL注入漏洞

Online Tours & Travels Management System is an online travel management system by Mayuri K. Personal developer. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which originates from a lack of validation of externally entered SQL statements in the id paramete...

WordPress plugin Zephyr Project Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

School Activity Updates with SMS Notification SQL注入漏洞

School Activity Updates with SMS Notification is an online activity update with SMS notification from janobe Personal Developer. It is used to ensure that every student receives an SMS notification every time there is a school activity. A SQL injection vulnerability exists in School Activity...

CVE-2022-38637

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page...

CVE-2022-38540

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the createkillsession interface...

Archery SQL注入漏洞

Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.8.3 through v1.8.5, which stems from the starttime and stoptime parameters in the my2sql interface containing SQL injection vulnerabilities...

Vulnerabilities fixed in Sophos Firewall

Sophos has fixed vulnerabilities in Sophos Firewall. The vulnerabilities potentially enable a malicious party to launch attacks execute attacks leading to the following categories of damage: Cross-Site Scripting XSS. Bypassing authentication Remote code execution Administrator/Root rights Remote...

PT-2022-24494 · Unknown · Hospital Management System

Name of the Vulnerable Software and Affected Versions: Hospital Management System version 1.0 Description: The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the Username and Password parameters on the Login page, specifically the '/login' A...

CVE-2022-36256

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode"...

InventoryManagementSystem SQL注入漏洞

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A security vulnerability exists in InventoryManagementSystem version 1.0, which...

Online Leave Management System SQL注入漏洞

Sourcecodester Online Leave Management System is an online leave management system. A security vulnerability exists in Online Leave Management System v1.0, which originates from a SQL injection vulnerability in /maintenance/manageleavetype.php via the id parameter...

Vulnerabilities fixed in Aruba ClearPass Policy Manager

Aruba has fixed vulnerabilities in ClearPass Policy Manager CPPM. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Remote code execution Administrator/Roo...

AIVHUB Active Intelligent Visualization 5 SQL注入漏洞

AIVHUB Active Intelligent Visualization is a powerful reporting and data visualization server from AIVHUB India. A security vulnerability exists in AIVHUB Active Intelligent Visualization 5, which stems from the use of uncleaned Vdc headers in SQL queries...

CVE-2022-37185

SQL injection vulnerability exists in the school information query interface repschoolproj.php of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage...

CVE-2022-2717

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of...

Clinic’s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for Carlo Montero's clinics. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0 due to unknown functionality in the index.php file of the component Login, where manipulation of the parameter...

Online Food Ordering System SQL注入漏洞

Online Food Ordering System is an online food ordering system. Online Food Ordering System suffers from a SQL injection vulnerability that can be exploited by an attacker to perform SQL injection via the component /dish .php?resid=...

CVE-2022-38118

OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service...