8282 matches found
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from the internally used 'UnlockProject' method. An attacker could exploit the vulnerability to cause bypass of...
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that can be exploited by an attacker to cause remote code execution...
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method ActivateProject, which can be exploited by an attacker to bypass...
WordPress plugin Hostel SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method, LockUser, which can be exploited by an attacker to bypass authorization controls and...
CVE-2025-3559
A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. This vulnerability affects the function ForeProductListController of the file /mall/product/0/20. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The...
SicommNet BASEC 安全漏洞
SicommNet BASEC is an agent solution from SicommNet, Inc. A security vulnerability exists in SicommNet BASEC that stems from a SQL injection issue on the login page, which could lead to bypassing authentication and executing arbitrary SQL commands...
WordPress plugin Accessibility Suite by Online ADA SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2025-15931 · Unknown · Aaronfrey Nearby Locations
Name of the Vulnerable Software and Affected Versions: aaronfrey Nearby Locations versions n/a through 1.1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
The vulnerability of the ZimbraSyncService service in the corporate email management system, Zimbra Collaboration Suite, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ZimbraSyncService service in the Zimbra Collaboration Suite enterprise email management system exists due to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access t...
CVE-2025-29390
jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the setpassword function in application/controllers/home.php...
Bus Pass Management System view-pass-detail.php File SQL Injection Vulnerability
Bus Pass Management System is a bus pass management system. Bus Pass Management System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the viewid parameter of the view-pass-detail.php file. An attacker can exploit this...
Patient Record Management System xray_print.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter itrno of the xrayprint.php file. The vulnerability ca...
e-Diary Management System login.php File SQL Injection Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the logindetail parameter of the login.php file. An attacker can...
e-Diary Management System edit-category.php File SQL Injection Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the Category parameter of the edit-category.php?id=8 file. An attacker ca...
CVE-2025-22461
SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution...
CVE-2025-3427
The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Seeyon FE Collaborative Office Platform 安全漏洞
Seeyon FE Collaborative Office Platform is a collaborative office platform from China-based Seeyon. A security vulnerability exists in Seeyon FE Collaborative Office Platform version 5.5.2, which stems from an incorrect operation of the parameter Name that can lead to SQL injection...
WordPress plugin Team Circle Image Slider With Lightbox SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...