8289 matches found
ChurchCRM 安全漏洞
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.7.0 that originates from parameters being inserted directly into SQL queries without proper cleanup or validation. An attacker can exploit this vulnerability ...
The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.
The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
WordPress plugin Tutor LMS SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
Teknogis Informatics Closed Circuit Vehicle Tracking Software SQL注入漏洞
Teknogis Informatics Closed Circuit Vehicle Tracking Software is a closed circuit vehicle tracking software from Teknogis Informatics. Teknogis Informatics Closed Circuit Vehicle Tracking Software version 21.11.2024 and prior versions suffer from a SQL injection vulnerability that stems from...
PT-2024-38034 · Teknogis Informatics · Teknogis Informatics Closed Circuit Vehicle Tracking
Name of the Vulnerable Software and Affected Versions: Teknogis Informatics Closed Circuit Vehicle Tracking Software versions through 21.11.2024 Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL Injection and Blind SQL Injection...
WordPress plugin Post Ideas 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
SourceCodester Sentiment Based Movie Rating System 安全漏洞
SourceCodester Sentiment Based Movie Rating System is an open source movie rating system from SourceCodester. A security vulnerability exists in SourceCodester Sentiment Based Movie Rating System version 1.0, which stems from vulnerability to SQL injection attacks...
PT-2024-35408 · Sourcecodester · Sourcecodester Sentiment Based Movie Rating System
Name of the Vulnerable Software and Affected Versions: SourceCodester Sentiment Based Movie Rating System version 1.0 Description: The issue concerns a SQL Injection vulnerability in the /msrps/movies.php endpoint. This allows an attacker to remotely manipulate database queries. Recommendations:...
Weaver e-cology 安全漏洞
Weaver e-cology is a collaborative management application platform from China's Weaver. A security vulnerability exists in Weaver e-cology v9, which is prone to SQL injection attacks...
CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
CVE-2024-11245
A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been...
JeeWMS 注入漏洞
JeeWMS is JeeWMS open source a JAVA-based warehouse management system . JeeWMS 20241108 and earlier versions have an injection vulnerability that stems from the parameter begindate in the file cgReportController.do can lead to SQL injection...
The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, stems from improper validation of input data. This vulnerability allows an attacker to gain access to information about the file system.
The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, is related to improper validation of input data. Exploiting this vulnerability can allow attackers to...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-28690)
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-28688)
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-18160)
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. A SQL injection vulnerability exists in Ivanti Endpoint Manager. An attacker could exploit this vulnerability to remotely execute code...
PT-2024-16852 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A critical issue affects some unknown functionality of the file /admin/ad list.php?action=pass of the component Keyword Filtering. The manipulation of the keyword argument leads to SQL injection. The attack may...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-28685)
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. An SQL injection vulnerability exists in Ivanti Endpoint...