
161 matches found

Positive Technologies
added 2024/09/10 12:0 a.m. · 3 views

PT-2024-7376 · Unknown · Edonline Ems

Name of the Vulnerable Software and Affected Versions: EdOnline EMS (affected versions not specified). Description: The issue is related to the lack of protection for the SQL query structure in EdOnline EMS, which could allow a remote attacker to disclose protected information. Recommendations: At t...

CVSS: 9 · AI score: 7.5
Exploits: 0 · References: 1
BDU FSTEC
added 2024/08/12 12:0 a.m. · 2 views

The vulnerability of the multi-site content management system UMI CMS, related to the lack of measures taken to protect the SQL query structure, allows for the execution of arbitrary SQL queries.

The vulnerability of the multi-site content management system UMI CMS is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries through the comment creation function of the forum...

CVSS: 7.8 · AI score: 6
Exploits: 0 · References: 1
BDU FSTEC
added 2024/08/01 12:0 a.m. · 4 views

The vulnerability of the Zohocorp ManageEngine Exchange Reporter Plus software, which is related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.

The vulnerability of the monitoring, analysis, and reporting software Zohocorp ManageEngine Exchange Reporter Plus is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...

CVSS: 8.7 · AI score: 5.9 · EPSS: 0.03052
Exploits: 0 · References: 2
BDU FSTEC
added 2024/07/31 12:0 a.m. · 1 views

The vulnerability of the 1Panel Linux server control panel, related to the lack of security measures for SQL query structures, allows attackers to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the 1Panel Linux server’s control panel is related to the lack of measures taken to protect the SQL query structure when processing the orderBy parameter. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information and execute arbitra...

CVSS: 10 · AI score: 6 · EPSS: 0.29396
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/07/25 12:0 a.m. · 2 views

The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) allows a hacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.

The vulnerability of the setgeneral.php file in the Tailoring Management System TMS involves a lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause ...

CVSS: 6.5 · AI score: 7 · EPSS: 0.00591
Exploits: 1 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/07/24 12:0 a.m. · 3 views

The vulnerability of the Arfa-CMS content management system lies in the lack of measures taken to protect the SQL query structure, allowing for the execution of arbitrary SQL queries.

The vulnerability of the Arfa-CMS content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 8.5 · AI score: 5.9
Exploits: 0 · References: 1 · Affected Software: 1
BDU FSTEC
added 2024/07/23 12:0 a.m. · 3 views

The vulnerability of the gin-vue-admin administrative panel software lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the gin-vue-admin administrative panel-related software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries...

CVSS: 9 · AI score: 8.1 · EPSS: 0.00513
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/07/12 12:0 a.m. · 1 views

The vulnerability of the firmware in the ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME biometric terminals arises from the lack of protective measures for the SQL query structure. This allows attackers to execute arbitrary SQL code, circumvent security restrictions, and gain unauthorized access to protected information.

The vulnerability of the firmware in biometric terminal devices such as ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows attackers to execute arbitrary SQL code,...

CVSS: 7.8 · AI score: 6.3 · EPSS: 0.00436
Exploits: 0 · References: 4
BDU FSTEC
added 2024/07/05 12:0 a.m. · 1 views

The vulnerability of the query_contract_result function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and control system allows a perpetrator to disclose protected information.

The vulnerability of the query_contract_result function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and power source management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow...

CVSS: 7.8 · AI score: 5.6 · EPSS: 0.05408
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/07/05 12:0 a.m. · 3 views

The vulnerability of the Mura/Masa CMS system, related to the lack of measures taken to protect the SQL query structure, allows attackers to access the protected information.

The vulnerability of the Mura/Masa CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the protected information...

CVSS: 9 · AI score: 5.6 · EPSS: 0.68593
Exploits: 3 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/07/01 12:0 a.m. · 1 views

The vulnerability of the login.php file of the Loan Management System allows a perpetrator to execute arbitrary SQL code.

The vulnerability of the login.php file of the Loan Management System is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code through the username parameter...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.00614
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/06/18 12:0 a.m. · 2 views

The vulnerability of Fortinet FortiSOAR, software for coordinating the operation of security systems and managing incident response in real time, lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of Fortinet FortiSOAR, software for coordinating the operation of security systems and managing incident response in real time, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

CVSS: 6.8 · AI score: 6.1 · EPSS: 0.00832
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/06/18 12:0 a.m. · 2 views

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.

The vulnerability of the Fortinet FortiPortal security analysis and management tool is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

CVSS: 4.3 · AI score: 5.6 · EPSS: 0.00526
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2024/06/10 12:0 a.m. · 2 views

The vulnerability of the GetRulesetsSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.

The vulnerability of the GetRulesetsSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

CVSS: 9 · AI score: 8 · EPSS: 0.08484
Exploits: 0 · References: 7
BDU FSTEC
added 2024/06/10 12:0 a.m. · 4 views

The vulnerability of the RecordGoodApp method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.

The vulnerability of the RecordGoodApp method in the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

CVSS: 10 · AI score: 8.6 · EPSS: 0.99951
Exploits: 5 · References: 8
BDU FSTEC
added 2024/06/03 12:0 a.m. · 3 views

The vulnerability of the `BaproductzoommagnifierZoomModuleFrontController::run()` method in the Best Zoom Magnifier Effect – BAZoom Magnifier module for PrestaShop, an open-source e-commerce web application, allows an attacker to elevate their privileges and gain access to read, modify, or delete data.

The vulnerability of the BaproductzoommagnifierZoomModuleFrontController::run method in the Best Zoom Magnifier Effect – BAZoom Magnifier web application for e-commerce with open-source PrestaShop is related to the lack of protective measures for the SQL query structure. Exploiting this...

CVSS: 10 · AI score: 7.8 · EPSS: 0.00748
Exploits: 1 · References: 2 · Affected Software: 1
BDU FSTEC
added 2024/06/03 12:0 a.m. · 2 views

The vulnerability in the projets.php script of the SOPlanning CMS system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the projets.php script within the SOPlanning CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 10 · AI score: 5.9 · EPSS: 0.00241
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/04/27 12:0 a.m. · 2 views

The vulnerability of GLPI, a system for managing requests, incidents, and computer equipment inventory, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL queries.

The vulnerability of GLPI, a system for managing requests, incidents, and computer equipment inventory, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 10 · AI score: 5.9 · EPSS: 0.64934
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/03/26 12:0 a.m. · 2 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...

CVSS: 6.4 · AI score: 6 · EPSS: 0.003
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/03/21 12:0 a.m. · 2 views

PT-2024-2354 · Advantech · Advantech Webaccess/Scada

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA (affected versions not specified). Description: The issue is related to a lack of protection against SQL query structure attacks, allowing a remote attacker to execute arbitrary SQL queries on the database. This can...

CVSS: 6.4 · AI score: 7.7 · EPSS: 0.003
Exploits: 0 · References: 11