8282 matches found

CNNVD
added 2025/03/03 12:0 a.m., 4 views

PHPGurukul News Portal Injection Vulnerability

News Portal is a news portal. News Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the login.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data...

CVSS 9.8, AI score 7.9, EPSS 0.00451
Exploits 1, References 6
BDU FSTEC
added 2025/03/03 12:0 a.m., 5 views

The vulnerability of the template function in the Cacti network monitoring software’s host_templates.php file allows a hacker to access confidential data.

The vulnerability of the template function in the Cacti network monitoring software’s host_templates.php file is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

CVSS 8, AI score 7.3, EPSS 0.00447
Exploits 0, References 4, Affected Software 1
OSV
added 2025/03/02 9:15 p.m., 3 views

CVE-2025-1832

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched...

CVSS 8.8, AI score 5.6, EPSS 0.00474
Exploits 1, References 4
Patchstack
added 2025/03/01 8:33 p.m., 3 views

WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop plugin <= 1.7.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin Bitcoin / AltCoin Payment Gateway for WooCommerce versions <= 1.7.6...

CVSS 9.3, AI score 8.1, EPSS 0.00464
Exploits 0, Affected Software 1
CNVD
added 2025/02/28 12:0 a.m., 4 views

Nipah Virus Testing Management System /search-report-result.php File SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /search-report-result.php file. An attacker can...

CVSS 9.8, AI score 8.2, EPSS 0.00439
Exploits 0, References 1
CNNVD
added 2025/02/28 12:0 a.m., 3 views

Loggrove Security Vulnerability

Loggrove is a web platform service by individual developer olajowon. A security vulnerability exists in Loggrove v1.0, which stems from an SQL injection in the read.py file...

CVSS 5.1, AI score 7.8, EPSS 0.002
Exploits 1, References 2
CNNVD
added 2025/02/27 12:0 a.m., 2 views

Yukseloglu Filter B2B Login Platform SQL Injection Vulnerability

Yukseloglu Filter B2B Login Platform is a B2B login platform from Yukseloglu Filter, Inc. A SQL injection vulnerability exists in Yukseloglu Filter B2B Login Platform versions prior to 16.01.2025, which stems from improper neutralization of special elements...

CVSS 9.8, AI score 7.8, EPSS 0.00377
Exploits 0, References 2
BDU FSTEC
added 2025/02/26 12:0 a.m., 15 views

The vulnerability of the web management console of the IP-ATC Agat CU-7214, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL code.

The vulnerability of the IP-ATC Agat CU-7214 web management console relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...

CVSS 9, AI score 6.1
Exploits 0, Affected Software 1
OSV
added 2025/02/25 3:15 p.m., 3 views

CVE-2025-26971

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5...

CVSS 9.8, AI score 7.3
Exploits 0, References 1
OSV
added 2025/02/25 6:15 a.m., 4 views

CVE-2025-22210

A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend...

CVSS 7.2, AI score 6, EPSS 0.00468
Exploits 1, References 2
CNNVD
added 2025/02/25 12:0 a.m., 5 views

Benner ModernaNet Injection Vulnerability

Benner ModernaNet is a diagnostic center application from Benner. An injection vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions, which stems from the /Home/JSCarregaCombo file containing an SQL injection issue...

CVSS 9.8, AI score 7.9, EPSS 0.0059
Exploits 1, References 5
CNNVD
added 2025/02/25 12:0 a.m., 3 views

SeaCMS Security Vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 13.3, which stems from an SQL injection in the admincollectnews.php file...

CVSS 6.5, AI score 7.8, EPSS 0.00279
Exploits 1, References 3
CNNVD
added 2025/02/25 12:0 a.m., 3 views

Benner ModernaNet Injection Vulnerability

Benner ModernaNet is a diagnostic center application from Benner. An injection vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions, which stems from the /AGE0000700/GetHorariosDoDia file containing a SQL injection issue...

CVSS 9.8, AI score 7.9, EPSS 0.0059
Exploits 1, References 5
Positive Technologies
added 2025/02/25 12:0 a.m., 4 views

PT-2025-7824

Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway (SCG) Application and Appliance versions prior to 5.28 Description: The issue is due to improper neutralization of special elements used in an SQL command, leading to a SQL injection vulnerability. This can be exploite...

CVSS 2.3, AI score 5.6, EPSS 0.00182
Exploits 0, References 5
CNNVD
added 2025/02/25 12:0 a.m., 3 views

RAGFlow SQL Injection Vulnerability

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A SQL injection vulnerability exists in RAGFlow version 0.15.1 and prior versions, which stems from the ExeSQL component extracting SQL statements from input and sending them directly to a...

CVSS 9.8, AI score 7.8, EPSS 0.00574
Exploits 1, References 2
CNNVD
added 2025/02/25 12:0 a.m., 2 views

WordPress plugin Easy Quotes SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 9.3, AI score 9.3, EPSS 0.00468
Exploits 0, References 2
Positive Technologies
added 2025/02/25 12:0 a.m., 5 views

PT-2025-7904 · Ragflow · Ragflow

Name of the Vulnerable Software and Affected Versions: RAGFlow versions 0.15.1 and prior Description: RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query, making it vulnerab...

CVSS 9.8, AI score 7.9, EPSS 0.00574
Exploits 1, References 10
CNNVD
added 2025/02/25 12:0 a.m., 4 views

JoomShopping SQL Injection Vulnerability

JoomShopping is a lightweight, free shopping solution for Joomla by JoomShopping, Inc. A SQL injection vulnerability exists in JoomShopping versions 1.0.0 through 1.4.3, which stems from a vulnerability that could allow an administrator to execute arbitrary SQL commands...

CVSS 3.4, AI score 8.2, EPSS 0.00337
Exploits 1, References 2
ATTACKERKB
added 2025/02/24 3:15 p.m., 6 views

CVE-2024-12918

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025...

CVSS 8.8, AI score 5.8, EPSS 0.00385
Exploits 0, References 3
BDU FSTEC
added 2025/02/24 12:0 a.m., 8 views

The vulnerability of the Mongoose library, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary code and gain access to read and modify data.

The vulnerability of the Mongoose library relates to the lack of protection for the SQL query structure when the $where operator is used. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain access to read and modify data...

CVSS 9.4, AI score 8.5, EPSS 0.03988
Exploits 3, References 6, Affected Software 1