8289 matches found

CNNVD
added 2024/11/22 12:0 a.m. · 2 views

ChurchCRM security vulnerability

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.7.0 that originates from parameters being inserted directly into SQL queries without proper cleanup or validation. An attacker can exploit this vulnerability ...

CVSS 9.8 · AI score 7.7 · EPSS 0.00531
Exploits: 0 · References: 1

BDU FSTEC
added 2024/11/22 12:0 a.m. · 6 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9 · AI score 7.6 · EPSS 0.01667
Exploits: 0 · References: 3

OSV
added 2024/11/21 11:15 a.m. · 2 views

CVE-2024-9828

The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...

CVSS 4.1 · AI score 5.8 · EPSS 0.00495
Exploits: 1 · References: 1

CNNVD
added 2024/11/21 12:0 a.m. · 3 views

WordPress plugin Tutor LMS SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 7.5 · AI score 8.5 · EPSS 0.82589
Exploits: 0 · References: 1

CNNVD
added 2024/11/21 12:0 a.m. · 3 views

Teknogis Informatics Closed Circuit Vehicle Tracking Software SQL injection vulnerability

Teknogis Informatics Closed Circuit Vehicle Tracking Software is a closed circuit vehicle tracking software from Teknogis Informatics. Teknogis Informatics Closed Circuit Vehicle Tracking Software version 21.11.2024 and prior versions suffer from a SQL injection vulnerability that stems from...

CVSS 7.5 · AI score 7.8 · EPSS 0.00613
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/21 12:0 a.m. · 4 views

PT-2024-38034 · Teknogis Informatics · Teknogis Informatics Closed Circuit Vehicle Tracking

Name of the Vulnerable Software and Affected Versions: Teknogis Informatics Closed Circuit Vehicle Tracking Software versions through 21.11.2024
Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL Injection and Blind SQL Injection...

CVSS 7.5 · AI score 8 · EPSS 0.00613
Exploits: 0 · References: 3

CNNVD
added 2024/11/20 12:0 a.m. · 1 views

WordPress plugin Post Ideas cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.2 · AI score 8.6 · EPSS 0.00205
Exploits: 0 · References: 1

CNNVD
added 2024/11/19 12:0 a.m. · 3 views

SourceCodester Sentiment Based Movie Rating System security vulnerability

SourceCodester Sentiment Based Movie Rating System is an open source movie rating system from SourceCodester. A security vulnerability exists in SourceCodester Sentiment Based Movie Rating System version 1.0, which stems from vulnerability to SQL injection attacks...

CVSS 9.8 · AI score 7.9 · EPSS 0.00495
Exploits: 1 · References: 1

Positive Technologies
added 2024/11/19 12:0 a.m. · 4 views

PT-2024-35408 · Sourcecodester · Sourcecodester Sentiment Based Movie Rating System

Name of the Vulnerable Software and Affected Versions: SourceCodester Sentiment Based Movie Rating System version 1.0
Description: The issue concerns a SQL Injection vulnerability in the /msrps/movies.php endpoint. This allows an attacker to remotely manipulate database queries.
Recommendations:...

CVSS 9.8 · AI score 8.2 · EPSS 0.00495
Exploits: 1 · References: 5

CNNVD
added 2024/11/19 12:0 a.m. · 3 views

Weaver e-cology security vulnerability

Weaver e-cology is a collaborative management application platform from China's Weaver. A security vulnerability exists in Weaver e-cology v9, which is prone to SQL injection attacks...

CVSS 9.8 · AI score 7.8 · EPSS 0.00698
Exploits: 0 · References: 2

Vulnrichment
added 2024/11/15 4:37 p.m. · 10 views

CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

CVSS 4.3 · AI score 7.2 · EPSS 0.00818
Exploits: 0 · References: 2

Cvelist
added 2024/11/15 4:37 p.m. · 14 views

CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

CVSS 4.3 · EPSS 0.00818
Exploits: 0 · References: 2

OSV
added 2024/11/15 4:15 p.m. · 2 views

CVE-2024-11245

A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 7.5 · AI score 5.8 · EPSS 0.00558
Exploits: 1 · References: 5

CNNVD
added 2024/11/15 12:0 a.m. · 3 views

JeeWMS injection vulnerability

JeeWMS is an open source, JAVA-based warehouse management system from JeeWMS. JeeWMS 20241108 and earlier versions have an injection vulnerability that stems from the parameter begindate in the file cgReportController.do, which can lead to SQL injection...

CVSS 8.8 · AI score 7 · EPSS 0.00506
Exploits: 1 · References: 3

BDU FSTEC
added 2024/11/15 12:0 a.m. · 4 views

The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, stems from improper validation of input data. This vulnerability allows an attacker to gain access to information about the file system.

The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, is related to improper validation of input data. Exploiting this vulnerability can allow attackers to...

CVSS 7.1 · AI score 6 · EPSS 0.00187
Exploits: 0 · References: 3 · Affected Software: 2

CNVD
added 2024/11/15 12:0 a.m. · 2 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-28690)

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...

CVSS 7.2 · AI score 8.2 · EPSS 0.25814
Exploits: 0 · References: 1

CNVD
added 2024/11/15 12:0 a.m. · 2 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-28688)

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...

CVSS 7.2 · AI score 8.2 · EPSS 0.01024
Exploits: 0 · References: 1

CNVD
added 2024/11/15 12:0 a.m. · 2 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-18160)

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. A SQL injection vulnerability exists in Ivanti Endpoint Manager. An attacker could exploit this vulnerability to remotely execute code...

CVSS 7.2 · AI score 8.1 · EPSS 0.01667
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/15 12:0 a.m. · 6 views

PT-2024-16852 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023
Description: A critical issue affects some unknown functionality of the file /admin/ad list.php?action=pass of the component Keyword Filtering. The manipulation of the keyword argument leads to SQL injection. The attack may...

CVSS 7.2 · AI score 5.7 · EPSS 0.0054
Exploits: 1 · References: 7

CNVD
added 2024/11/15 12:0 a.m. · 3 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-28685)

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. An SQL injection vulnerability exists in Ivanti Endpoint...

CVSS 7.8 · AI score 8.5 · EPSS 0.00665
Exploits: 0 · References: 1