8141 matches found
CVE-2021-46308
An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter...
kabirkhyrul Hospital Managment System SQL injection vulnerability
Hospital Managment System HMS is a computer or web-based system that helps manage the operations of a hospital or any medical facility. Hospital Managment System is vulnerable to a SQL injection vulnerability that stems from a database based application that lacks validation of externally entered...
Sourcecodester Online Railway Reservation system SQL injection vulnerability
SourceCodester Online Railway Reservation system is a web-based application that provides an online platform for rail or train station passengers or potential passengers to browse their schedules and reserve seats. SourceCodester Online Railway Reservation system is vulnerable to a SQL injection...
kabirkhyrul Hospital Managment System SQL injection vulnerability
Hospital Managment System HMS is a computer or web-based system that helps manage the operations of a hospital or any medical facility. Hospital Managment System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands...
MingSoft Mcms SQL injection vulnerability
Mcms is a complete open source J2ee system from China MingFei MingSoft. mcms v5.2.4 version has a SQL injection vulnerability, which originates in /ms/mdiy/model/importJson.do for the lack of filtering and escaping of SQL data. No detailed vulnerability details are available at this time...
code-projects Pharmacy Management SQL injection vulnerability
code-projects Pharmacy Management is a pharmacy management system. A SQL injection vulnerability exists in code-projects Pharmacy Management because the username parameter in the product administrator login form does not effectively filter special characters in the input data. The vulnerability c...
Mitsubishi Electric MC Works64 buffer error vulnerability
Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. A security vulnerability exists in Mitsubishi Electric MC Works64 that stems from a coding error in the SQL query engine memory allocation code that makes it possible to execute a seri...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
CVE-2022-0258
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
UBUNTU-CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2021-43971
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...
CVE-2021-25054
The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability...
WordPress plugin SQL injection vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress has a SQL injection vulnerability in versions prior to 5.8.3, which stems from the lack of validation of externally...
The vulnerability of the makeSafe function in the Attendance Management System allows a violator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the makeSafe function in the Attendance Management System’s software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The WordPress Download Monitor Plugin has a SQL injection vulnerability in versions prior to 4.4.5, which stems from the use...
WordPress plugin Events Made Easy SQL injection vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Events Made Easy. The vulnerability stems from the program not properly filtering and...
CVE-2021-44161
Changing MOTP Mobile One Time Password system’s specific function parameter has insufficient validation for user input. An attacker in the local area network can perform SQL injection attack to read, modify or delete backend database without authentication...
CVE-2021-45814
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account...
The vulnerability of the “description_filter” parameter in the group_list component of the Advantech R-SeeNet monitoring software for routers, related to incorrect validation of input data, allows a hacker to execute arbitrary SQL queries.
The vulnerability of the “description_filter” parameter in the group_list component of the Advantech R-SeeNet monitoring software for routers is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...