Lucene search

8282 matches found

CNNVD
added 2025/01/21 12:0 a.m. · 8 views

WordPress plugin Fancy Product Designer SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...

CVSS 9.3 · AI score 9.4 · EPSS 0.16259
Exploits 2 · References 2
CNNVD
added 2025/01/20 12:0 a.m. · 4 views

aEnrich a+HRD SQL Injection Vulnerability

aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...

CVSS 9.8 · AI score 8.2 · EPSS 0.00712
Exploits 0 · References 3
CNNVD
added 2025/01/20 12:0 a.m. · 3 views

WeGIA SQL Injection Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA suffers from a SQL injection vulnerability that originates from allowing an attacker to execute arbitrary SQL commands in the database, which could lead to unauthorized access to sensitive informati...

CVSS 10 · AI score 8.2 · EPSS 0.00579
Exploits 1 · References 3
BDU FSTEC
added 2025/01/20 12:0 a.m. · 5 views

A vulnerability in the GraphQL Mutation Handler component of GitLab, the Git-based software platform for collaborative code development, allows an attacker to gain unauthorized access to protected information.

The vulnerability in the GraphQL Mutation Handler component of GitLab, the Git-based software platform for collaborative code development, involves the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to gain unauthorized...

CVSS 4 · AI score 5.5 · EPSS 0.00212
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/01/19 12:0 a.m. · 3 views

PT-2025-3958 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023
Description: A critical issue has been found in the software, specifically a SQL injection flaw. This issue is related to the manipulation of the id argument in the "/index.php" file, allowing for remote attacks. The exploi...

CVSS 9.8 · AI score 8 · EPSS 0.0139
Exploits 1 · References 11
CNNVD
added 2025/01/18 12:0 a.m. · 1 views

WordPress plugin WP Extended SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 7.5 · AI score 8.6 · EPSS 0.00517
Exploits 0 · References 5
CNNVD
added 2025/01/17 12:0 a.m. · 4 views

itsourcecode Tailoring Management System Injection Vulnerability

itsourcecode Tailoring Management System is an open-source tailoring management system from itsourcecode. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from the parameter expcat in the file /expadd.php that can cause SQL injection...

CVSS 9.8 · AI score 7 · EPSS 0.0053
Exploits 1 · References 6
CNNVD
added 2025/01/17 12:0 a.m. · 4 views

WeGIA Security Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.2.0 that allows SQL injection attacks via the query parameter in querygeracaoauto.php...

CVSS 9.8 · AI score 7.6 · EPSS 0.00596
Exploits 1 · References 3
OSV
added 2025/01/16 6:15 p.m. · 4 views

CVE-2024-57775

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...

CVSS 8.8 · AI score 5.8 · EPSS 0.00568
Exploits 1 · References 1
CNVD
added 2025/01/16 12:0 a.m. · 2 views

BigAntSoft BigAnt office messenger SQL Injection Vulnerability

BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...

CVSS 6.3 · AI score 8 · EPSS 0.01729
Exploits 6 · References 1
CNNVD
added 2025/01/16 12:0 a.m. · 2 views

WordPress plugin Passwords Manager SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 6.5 · AI score 8.9 · EPSS 0.00472
Exploits 0 · References 4
CNVD
added 2025/01/16 12:0 a.m. · 1 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22658)

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in /common/vamSql.php. An attacker can exploit this vulnerability to perform...

CVSS 5.4 · AI score 8.1 · EPSS 0.00231
Exploits 0 · References 1
CNNVD
added 2025/01/16 12:0 a.m. · 2 views

WordPress plugin Easy Code Snippets SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...

CVSS 7.6 · AI score 8.9 · EPSS 0.00599
Exploits 0 · References 1
Positive Technologies
added 2025/01/16 12:0 a.m. · 3 views

PT-2025-5086 · Alphabpo · Alphabpo Easy Code Snippets

Name of the Vulnerable Software and Affected Versions: AlphaBPO Easy Code Snippets versions 1.0.2 and earlier
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...

CVSS 7.6 · AI score 9.7 · EPSS 0.00599
Exploits 0 · References 3
CNVD
added 2025/01/16 12:0 a.m. · 2 views

Selesta Visual Access Manager SQL Injection Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple POST parameters of /monitor/sscheduledfile.php...

CVSS 3.8 · AI score 8.1 · EPSS 0.00232
Exploits 0 · References 1
Positive Technologies
added 2025/01/16 12:0 a.m. · 4 views

PT-2025-3891 · Netvision Information · Airpass

Name of the Vulnerable Software and Affected Versions: airPASS (affected versions not specified)
Description: The airPASS from NetVision Information has a SQL Injection issue, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database...

CVSS 9.8 · AI score 8.4 · EPSS 0.0053
Exploits 0 · References 8
CNNVD
added 2025/01/16 12:0 a.m. · 3 views

WordPress plugin WordPress Google Map Professional SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

CVSS 8.5 · AI score 8.9 · EPSS 0.00491
Exploits 0 · References 2
CNVD
added 2025/01/16 12:0 a.m. · 3 views

Selesta Visual Access Manager SQL Injection Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from a lack of validation of the GET parameter of /common/ajaxfunction.php against an externally entered SQL statement. An attacker can exploi...

CVSS 3.8 · AI score 8.3 · EPSS 0.00309
Exploits 0 · References 1
BDU FSTEC
added 2025/01/16 12:0 a.m. · 5 views

A vulnerability in the GLPI system for managing requests, incidents, and computer equipment inventory, related to the failure to protect the SQL query structure, allows attackers to execute SQL injections.

The vulnerability in the GLPI system for managing requests, incidents, and computer equipment inventory is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute SQL injections remotely...

CVSS 9 · AI score 5.7 · EPSS 0.00524
Exploits 0 · References 3 · Affected Software 2
CNNVD
added 2025/01/15 12:0 a.m. · 3 views

dingfanzu Security Vulnerability

dingfanzu is a PHP-based takeaway ordering website. A SQL injection vulnerability exists in dingfanzu v1.0, which stems from the application's lack of validation of externally entered SQL statements. A local attacker can exploit this vulnerability to execute arbitrary code via the contents of the...

CVSS 7.1 · AI score 8.3 · EPSS 0.00204
Exploits 0 · References 2