CampCodes Online Apartment Visitor Management SQL注入漏洞

CampCodes Online Apartment Visitor Management is an online apartment visitor management system from CampCodes Philippines. CampCodes Online Apartment Visitor Management version 1.0 suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter Username in th...

(0Day) Ivanti Endpoint Manager MP_Report_Run2 SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPReportRun2 class. The issue results from the lack of proper validation of a...

(0Day) Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPVistaReport class. The issue results from the lack of proper validation of a...

(0Day) Ivanti Endpoint Manager MP_QueryDetail2 SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPQueryDetail2 class. The issue results from the lack of proper validation of a...

(0Day) Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the PatchHistory class. The issue results from the lack of proper validation of a...

SourceCodester Hotel and Lodge Management System 安全漏洞

SourceCodester Hotel and Lodge Management System is SourceCodester open source hotel and lodge management system. A security vulnerability exists in SourceCodester Hotel and Lodge Management System version 1.0, which stems from an incorrect manipulation of the parameter email in the file login.ph...

Nozomi Networks Guardian/CMC SQL注入漏洞

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. A SQL injection vulnerability exists in Nozomi Networks Guardian/CMC that stems from improper validation of input parameters in the Alert function, which could lead to an SQL injectio...

PT-2025-40990

Name of the Vulnerable Software and Affected Versions Alert functionality affected versions not specified Description A SQL Injection issue exists due to inadequate input validation of a parameter within the Alert functionality. An authenticated user with limited privileges can execute arbitrary...

PT-2025-41160

Name of the Vulnerable Software and Affected Versions SourceCodester Hotel and Lodge Management System version 1.0 Description A flaw exists in SourceCodester Hotel and Lodge Management System 1.0 related to the file /del tax.php. Manipulation of the ID parameter can lead to SQL injection. This...

(0Day) Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportRun class. The issue results from the lack of proper validation of a...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation. Remediation Upgrade...

EUVD-2025-32540

XWiki Platform is vulnerable to HQL injection via wiki and space search REST API...

CVE-2025-11334

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to...

CVE-2025-11315

Tipray Data Leakage Prevention System 1.0 is affected. The vulnerability is in the findUserPage.do file, specifically the findUserPage function, where manipulation of the sort argument enables SQL injection. It is remotely exploitable and the exploit has been made public. The vendor was contacted...

CVE-2025-11313 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findRolePage.do findRolePage sql injection

A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been published and may...

CVE-2025-11313 Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findRolePage.do findRolePage sql injection

A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been published and may...

EUVD-2025-32482

A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been published and may...

Code-Projects Online Course Registration SQL注入漏洞

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/manage-students.php. An attacker can...

CampCodes Online Apartment Visitor Management SQL注入漏洞

CampCodes Online Apartment Visitor Management is an online apartment visitor management system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Online Apartment Visitor Management version 1.0, which stems from an incorrect manipulation of the parameter editid in the...

PT-2025-40838

Name of the Vulnerable Software and Affected Versions Tipray Data Leakage Prevention System version 1.0 Description A flaw exists in Tipray Data Leakage Prevention System that allows for SQL injection. The issue is located in the findRolePage.do file and specifically affects the findRolePage...