8282 matches found

CNNVD
added 2025/02/11 12:0 a.m. · 5 views

1000 Projects Bookstore Management System SQL injection vulnerability

1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. A SQL injection vulnerability exists in 1000 Projects Bookstore Management System version 1.0, which stems from a parameter id in the file processusersdel.php that can lead to SQL injection...

CVSS 7.2 · AI score 5.8 · EPSS 0.00602
Exploits: 1 · References: 5

CNNVD
added 2025/02/07 12:0 a.m. · 6 views

JeecgBoot security vulnerability

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot version v.3.7.2, which originated from the inclusion of a SQL injection vulnerability that allows remote attackers to obtain sensitive information vi...

CVSS 7.5 · AI score 7.3 · EPSS 0.00533
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 8:13 a.m. · 4 views

CVE-2024-29822

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

CVSS 9.6 · AI score 10 · EPSS 0.6439
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 8:2 a.m. · 4 views

CVE-2024-29830

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code...

CVSS 8.4 · AI score 8.9 · EPSS 0.08484
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 7:54 a.m. · 2 views

CVE-2024-29823

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

CVSS 9.6 · AI score 9.9 · EPSS 0.9986
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:2 a.m. · 4 views

CVE-2024-10733

A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 · AI score 7.2 · EPSS 0.0062
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 3:2 a.m. · 7 views

CVE-2024-6748

Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring...

CVSS 8.3 · AI score 7.9 · EPSS 0.23784
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 1:49 a.m. · 2 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVSS 9.1 · AI score 7.8 · EPSS 0.23598
Exploits: 0 · References: 1

Patchstack
added 2025/02/03 8:24 p.m. · 5 views

WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Distance Rate Shipping for WooCommerce versions <= 1.3.4...

CVSS 8.5 · AI score 8.1 · EPSS 0.00338
Exploits: 0 · Affected Software: 1

CNNVD
added 2025/02/03 12:0 a.m. · 6 views

Zimbra Collaboration Suite security vulnerability

Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 10.0.x up to and including version 10.0.12 and version 10.1.x up to and including...

CVSS 8.8 · AI score 9.8 · EPSS 0.34355
Exploits: 0 · References: 3

BDU FSTEC
added 2025/02/03 12:0 a.m. · 5 views

The vulnerability of the get_discovery_results() function in the Cacti network monitoring software allows a hacker to execute arbitrary code.

The vulnerability of the get_discovery_results() function in the Cacti network monitoring software is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

CVSS 6.5 · AI score 8.2 · EPSS 0.00657
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2025/02/03 12:0 a.m. · 3 views

Advantive VeraCore security vulnerability

Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...

CVSS 7.5 · AI score 10 · EPSS 0.50378
Exploits: 1 · References: 2

CNNVD
added 2025/02/03 12:0 a.m. · 5 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...

CVSS 10 · AI score 8 · EPSS 0.00541
Exploits: 1 · References: 1

Positive Technologies
added 2025/02/03 12:0 a.m. · 3 views

PT-2025-5598 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.12
Description: A SQL Injection vulnerability was discovered in the WeGIA application, salvar cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing...

CVSS 9.4 · AI score 8.6 · EPSS 0.00539
Exploits: 1 · References: 12

CNNVD
added 2025/02/01 12:0 a.m. · 3 views

itsourcecode Tailoring Management System injection vulnerability

itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from a parameter id in the file deldoc.php that can lead to SQL injection...

CVSS 9.8 · AI score 7 · EPSS 0.0053
Exploits: 1 · References: 5

Patchstack
added 2025/01/31 11:37 p.m. · 5 views

WordPress MultiLoca plugin <= 4.1.11 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability discovered by Aiden Thái An in WordPress Plugin MultiLoca versions <= 4.1.11...

CVSS 6.5 · AI score 8.1 · EPSS 0.00462
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2025/01/31 1:37 p.m. · 6 views

WordPress Traveler Code plugin < 3.1.2 - Unauthenticated Arbitrary SQL Execution vulnerability

Unauthenticated Arbitrary SQL Execution vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Traveler Code versions < 3.1.2...

CVSS 9 · AI score 7.9 · EPSS 0.00351
Exploits: 0 · Affected Software: 1

BDU FSTEC
added 2025/01/30 12:0 a.m. · 6 views

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient measures taken to protect the SQL query structure. This allows attackers to gain access to the internal database.

The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain access to the internal database...

CVSS 8.6 · AI score 8.1 · EPSS 0.00633
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/01/30 12:0 a.m. · 4 views

PT-2025-4086 · Unknown · Code-Projects Chat System

Name of the Vulnerable Software and Affected Versions: code-projects Chat System versions 1.0 and earlier
Description: A critical issue has been found in the code-projects Chat System, affecting an unknown functionality of the file /user/addnewmember.php. The manipulation of the user argument lea...

CVSS 7.5 · AI score 7.2 · EPSS 0.0043
Exploits: 1 · References: 9

CNNVD
added 2025/01/30 12:0 a.m. · 6 views

1000 Projects Employee Task Management System SQL injection vulnerability

1000 Projects Employee Task Management System is an open source employee task management system from 1000 Projects. A SQL injection vulnerability exists in 1000 Projects Employee Task Management System version 1.0, which is caused by SQL injection due to parameter email...

CVSS 9.8 · AI score 7.9 · EPSS 0.00588
Exploits: 1 · References: 5