8282 matches found
WordPress plugin Fancy Product Designer SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...
aEnrich a+HRD SQL Injection Vulnerability
aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA suffers from a SQL injection vulnerability that originates from allowing an attacker to execute arbitrary SQL commands in the database, which could lead to unauthorized access to sensitive informati...
A vulnerability in the GraphQL Mutation Handler component of GitLab, a Git-based software platform for collaborative code development, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the GraphQL Mutation Handler component of GitLab, a Git-based software platform for collaborative code development, involves the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to gain unauthorized...
PT-2025-3958 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A critical issue has been found in the software, specifically a SQL injection flaw. This issue is related to the manipulation of the id argument in the "/index.php" file, allowing for remote attacks. The exploi...
WordPress plugin WP Extended SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
itsourcecode Tailoring Management System Injection Vulnerability
itsourcecode Tailoring Management System is an open source tailoring management system from itsourcecode. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from the parameter expcat in the file /expadd.php that can cause SQL injection...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.2.0 that stems from vulnerability to SQL injection attacks via the query parameter in querygeracaoauto.php...
CVE-2024-57775
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...
BigAntSoft BigAnt office messenger SQL Injection Vulnerability
BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...
WordPress plugin Passwords Manager SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22658)
Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in /common/vamSql.php. An attacker can exploit this vulnerability to perform...
WordPress plugin Easy Code Snippets SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
PT-2025-5086 · Alphabpo · Alphabpo Easy Code Snippets
Name of the Vulnerable Software and Affected Versions: AlphaBPO Easy Code Snippets versions 1.0.2 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
Selesta Visual Access Manager SQL Injection Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple POST parameters of /monitor/sscheduledfile.php...
PT-2025-3891 · Netvision Information · Airpass
Name of the Vulnerable Software and Affected Versions: airPASS (affected versions not specified) Description: The airPASS from NetVision Information has a SQL Injection issue, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database...
WordPress plugin WordPress Google Map Professional SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
Selesta Visual Access Manager SQL Injection Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from a lack of validation of the GET parameter of /common/ajaxfunction.php against an externally entered SQL statement. An attacker can exploi...
A vulnerability in the GLPI system for managing requests, incidents, and computer equipment inventory, related to the failure to protect the SQL query structure, allows attackers to execute SQL injections.
The vulnerability in the GLPI system for managing requests, incidents, and computer equipment inventory is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute SQL injections remotely...
dingfanzu Security Vulnerability
dingfanzu is a PHP-based takeaway ordering website. A SQL injection vulnerability exists in dingfanzu v1.0, which stems from the application's lack of validation of externally entered SQL statements. A local attacker can exploit this vulnerability to execute arbitrary code via the contents of the...