PHPGurukul News Portal Injection Vulnerability
News Portal is a news portal. News Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the login.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data...
The vulnerability of the template function in the Cacti network monitoring software’s host_templates.php file allows a hacker to access confidential data.
The vulnerability of the template function in the Cacti network monitoring software’s host_templates.php file is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
CVE-2025-1832
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched...
WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop plugin <= 1.7.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Bitcoin / AltCoin Payment Gateway for WooCommerce versions <= 1.7.6...
Nipah Virus Testing Management System /search-report-result.php File SQL Injection Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /search-report-result.php file. An attacker can...
Loggrove Security Vulnerability
Loggrove is a web platform service by individual developer olajowon. A security vulnerability exists in Loggrove v1.0, which stems from an SQL injection in the read.py file...
Yukseloglu Filter B2B Login Platform SQL Injection Vulnerability
Yukseloglu Filter B2B Login Platform is a B2B login platform from Yukseloglu Filter, Inc. A SQL injection vulnerability exists in Yukseloglu Filter B2B Login Platform versions prior to 16.01.2025, which stems from improper neutralization of special elements...
The vulnerability of the web management console of the IP-ATC Agat CU-7214, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL code.
The vulnerability of the IP-ATC Agat CU-7214 web management console relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...
CVE-2025-26971
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5...
CVE-2025-22210
A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in the backend...
Benner ModernaNet Injection Vulnerability
Benner ModernaNet is a diagnostic center application from Benner. An injection vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions, which stems from the /Home/JSCarregaCombo file containing an SQL injection issue...
SeaCMS Security Vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 13.3, which stems from an SQL injection in the admincollectnews.php file...
Benner ModernaNet Injection Vulnerability
Benner ModernaNet is a diagnostic center application from Benner. An injection vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions, which stems from the /AGE0000700/GetHorariosDoDia file containing a SQL injection issue...
PT-2025-7824
Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway (SCG) Application and Appliance versions prior to 5.28 Description: The issue is due to improper neutralization of special elements used in an SQL command, leading to a SQL injection vulnerability. This can be exploite...
RAGFlow SQL Injection Vulnerability
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A SQL injection vulnerability exists in RAGFlow version 0.15.1 and prior versions, which stems from the ExeSQL component extracting SQL statements from input and sending them directly to a...
WordPress plugin Easy Quotes SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-7904 · Ragflow · Ragflow
Name of the Vulnerable Software and Affected Versions: RAGFlow versions 0.15.1 and prior Description: RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query, making it vulnerab...
JoomShopping SQL Injection Vulnerability
JoomShopping is a lightweight, free shopping solution for Joomla by JoomShopping, Inc. A SQL injection vulnerability exists in JoomShopping versions 1.0.0 through 1.4.3, which stems from a vulnerability that could allow an administrator to execute arbitrary SQL commands...
CVE-2024-12918
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025...
The vulnerability of the Mongoose library, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary code and gain access to read and modify data.
The vulnerability of the Mongoose library relates to the lack of protection for the SQL query structure when the $where operator is used. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain access to read and modify data...