
8282 matches found

OSV
added 2025/03/14 4:15 p.m. | 3 views

CVE-2022-29059

An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability CWE-89 in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database via specifically crafted...

CVSS 7.2 | AI score 5.9 | EPSS 0.00388
Exploits 0 | References 1

CNNVD
added 2025/03/14 12:0 a.m. | 0 views

LogicalDOC SQL Injection Vulnerability

LogicalDOC is a document management system developed with Java technology by LogicalDOC, a United States company. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC that stems from the login function containin...

CVSS 8.7 | AI score 7.6 | EPSS 0.00349
Exploits 0 | References 2

CNVD
added 2025/03/13 12:0 a.m. | 3 views

Restaurant Table Booking System username/mobileno Parameter SQL Injection Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter username/mobileno in the...

CVSS 9.8 | AI score 8.2 | EPSS 0.00487
Exploits 1 | References 1

CNVD
added 2025/03/11 12:0 a.m. | 2 views

Restaurant Table Booking System /admin/check_availability.php File SQL Injection Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from an incorrect operation of the parameter username in the /admin/check_availability.php file, which can lead to SQL injection. An...

CVSS 9.8 | AI score 8.1 | EPSS 0.00559
Exploits 1 | References 1

OSV
added 2025/03/09 11:15 p.m. | 3 views

CVE-2025-2132

A vulnerability classified as critical has been found in ftcms 2.1. Affected is an unknown function of the file /admin/index.php/web/ajaxalllists of the component Search. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 7.2 | AI score 5.6 | EPSS 0.00407
Exploits 1 | References 4

CNNVD
added 2025/03/09 12:0 a.m. | 2 views

AT Software Solutions ATSVD Injection Vulnerability

AT Software Solutions ATSVD is an application from the Brazilian company AT Software Solutions. An injection vulnerability exists in AT Software Solutions ATSVD version 3.4.1 and earlier, which stems from an incorrect manipulation of the parameter txtCPF that can lead to SQL injection...

CVSS 9.8 | AI score 7.9 | EPSS 0.00527
Exploits 1 | References 6

CNNVD
added 2025/03/09 12:0 a.m. | 2 views

ftcms Injection Vulnerability

ftcms is a content management system from ftcms Inc. An injection vulnerability exists in ftcms version 2.1, which stems from the fact that incorrect manipulation of the parameter name can lead to SQL injection...

CVSS 7.2 | AI score 5.7 | EPSS 0.00407
Exploits 1 | References 6

Patchstack
added 2025/03/07 9:39 a.m. | 5 views

WordPress School Management System for Wordpress plugin <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' vulnerability

Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task' vulnerability discovered by shaman0x01 in WordPress Plugin School Management versions <= 92.0.0...

CVSS 6.5 | AI score 8.1 | EPSS 0.00313
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/03/07 12:0 a.m. | 3 views

Projectworlds Life Insurance Management System Injection Vulnerability

Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the reciptno parameter and can lead to SQL...

CVSS 9.8 | AI score 7.9 | EPSS 0.00481
Exploits 1 | References 6

CNNVD
added 2025/03/07 12:0 a.m. | 3 views

Projectworlds Life Insurance Management System Injection Vulnerability

Projectworlds Life Insurance Management System is a life insurance management system from Projectworlds India. An injection vulnerability exists in Projectworlds Life Insurance Management System version 1.0, which stems from improper manipulation of the key parameter and could lead to an SQL...

CVSS 9.8 | AI score 7.8 | EPSS 0.00481
Exploits 1 | References 6

CNNVD
added 2025/03/07 12:0 a.m. | 3 views

PHPGurukul Emergency Ambulance Hiring Portal Injection Vulnerability

Emergency Ambulance Hiring Portal is an emergency ambulance hiring portal. Emergency Ambulance Hiring Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the contactnumber parameter of the /admin/admin-profile.php file. An...

CVSS 9.8 | AI score 8.2 | EPSS 0.00481
Exploits 1 | References 7

ATTACKERKB
added 2025/03/05 2:15 p.m. | 5 views

CVE-2024-13147

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Merkur Software B2B Login Panel allows SQL Injection. This issue affects B2B Login Panel: before 15.01.2025...

CVSS 9.8 | AI score 5.8 | EPSS 0.00377
Exploits 0 | References 3

ATTACKERKB
added 2025/03/05 2:15 p.m. | 3 views

CVE-2024-12097

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Boceksoft Informatics E-Travel allows SQL Injection. This issue affects E-Travel: before 15.12.2024...

CVSS 9.8 | AI score 5.8 | EPSS 0.00377
Exploits 0 | References 3

CNNVD
added 2025/03/05 12:0 a.m. | 3 views

Boceksoft Informatics E-Travel SQL Injection Vulnerability

Boceksoft Informatics E-Travel is an application from Boceksoft. A SQL injection vulnerability exists in Boceksoft Informatics E-Travel versions prior to 15.12.2024, which stems from the presence of SQL injection...

CVSS 9.8 | AI score 8 | EPSS 0.00377
Exploits 0 | References 2

CNNVD
added 2025/03/05 12:0 a.m. | 3 views

WordPress plugin Hero Mega Menu SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 6.5 | AI score 8.2 | EPSS 0.00321
Exploits 0 | References 3

BDU FSTEC
added 2025/03/05 12:0 a.m. | 5 views

The vulnerability of the IBM Engineering Lifecycle Optimization - Publishing software lies in the lack of protective measures for the SQL query structure, allowing attackers to gain unauthorized access to protected information.

The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 7.5 | AI score 5.6 | EPSS 0.00303
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2025/03/04 12:0 a.m. | 3 views

PHPGurukul Human Metapneumovirus Testing Management System Injection Vulnerability

Human Metapneumovirus Testing Management System is a human metapneumovirus testing management system. Human Metapneumovirus Testing Management System is vulnerable to a SQL injection vulnerability that affects the username parameter in the /login.php file. No details of the vulnerability are...

CVSS 9.8 | AI score 7.8 | EPSS 0.00554
Exploits 1 | References 7

CNNVD
added 2025/03/04 12:0 a.m. | 4 views

Wind Media E-Commerce Website Template SQL Injection Vulnerability

Wind Media E-Commerce Website Template is an e-commerce template from Wind Media, Inc. A SQL injection vulnerability exists in Wind Media E-Commerce Website Template versions prior to v1.5, which stems from susceptibility to SQL injection attacks...

CVSS 8.6 | AI score 7.9 | EPSS 0.00286
Exploits 0 | References 3

CNNVD
added 2025/03/04 12:0 a.m. | 3 views

PHPGurukul Restaurant Table Booking System Injection Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that stems from incorrect manipulation of the searchdata parameter in the /search-result.php file that can lead to SQL injection. No details of the...

CVSS 9.8 | AI score 7.9 | EPSS 0.0054
Exploits 1 | References 6

CNNVD
added 2025/03/04 12:0 a.m. | 4 views

Codezips Online Shopping Website Security Vulnerability

Codezips Online Shopping Website is a Codezips open source online store system. A security vulnerability exists in Codezips Online Shopping Website version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to SQL injection...

CVSS 9.8 | AI score 7.7 | EPSS 0.00611
Exploits 1 | References 6