Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in several SAP products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Bypassing authentication Bypassing security measure SQL...

KB Affiliate Referral Script SQL注入漏洞

KB Affiliate Referral Script is a 3-tier referral system by Kunal Bansal Personal Developer. A security vulnerability exists in KB Affiliate Referral Script version 1.0, which can be exploited to cause a sql injection by typing the username/password parameters into the /index.php file. The attack...

Agile Point SQL注入漏洞

Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...

Advantech iView SQL注入漏洞

Advantech iView, a software based on Simple Network Protocol SNMP for managing B B SmartWorx devices from Advantech, China, is vulnerable to a SQL injection vulnerability in versions prior to Advantech iView 5.7.04.6469, which results from the use of special elements in SQL commands that are not...

CVE-2022-32391

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/viewaction.php:4...

CVE-2019-12352

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dlsendmail.php when the attacker has dlsprint authority via a dlid cookie...

CVE-2019-12357

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php when the attacker has admin authority via the id parameter...

Online Ordering System SQL注入漏洞

Online Ordering System is a multi-store ordering system that can be used by any small business.An SQL injection vulnerability exists in Online Ordering System version v2.3.2, which originates from /ordering/admin/inventory/index.php?view=edit & id=Lack of validation of external input SQL statemen...

Rescue Dispatch Management System SQL注入漏洞

Rescue Dispatch Management System is a rescue dispatch management system from Carlo Montero's personal developer. rescue dispatch management system version 1.0 is vulnerable to SQL injection, which can be exploited by attackers to perform sql injection and steal data...

NOKIA VitalSuite SPM SQL注入漏洞

NOKIA VitalSuite SPM is a multi-vendor, multi-application performance management solution from Nokia Finland. A security vulnerability exists in NOKIA VitalSuite SPM version 2020. An attacker exploited the vulnerability to perform SQL injection via UserName...

Directory Management System SQL注入漏洞

Directory Management System is a directory management system by Anuj Kumar, a personal developer. A security vulnerability exists in Directory Management System v1.0, which can be exploited to perform an SQL injection attack via the editid parameter in view-directory.php...

CVE-2022-32302

Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editticket.php...

IBM Financial Transaction Manager for Digital Payments SQL注入漏洞

IBM Financial Transaction Manager for Digital Payments is a financial transaction manager from IBM Corporation in the United States. IBM Financial Transaction Manager for Digital Payments for Multi-Platform versions 3.2.0 through 3.2.9 are vulnerable to SQL injection, which can be exploited by...

CVE-2022-32346

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/viewroom.php?id=...

CVE-2021-40961

CMS Made Simple =2.2.15 is affected by SQL injection in modules/News/function.adminarticlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '...

GLPI SQL注入漏洞

GLPI is an IT and asset management software. The software provides a full-featured IT resource management interface that can be used to create a database to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridges and ink cartridges, etc. A SQL...

SevOne Network Management System SQL注入漏洞

SevOne Network Management System is the most comprehensive, scalable and application-centric network performance monitoring system for modern NetOps from SevOne, Inc. inclusive versions contain a SQL injection vulnerability that can be exploited by remote attackers to compromise alert summaries...

CVE-2022-32017

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle...

CVE-2022-32010

Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...

CVE-2022-32002

Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/managecourt.php?id=...