
18 matches found

EUVD · added 2026/04/05 9:30 p.m. · 2 views

EUVD-2019-20064

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

CVSS 7.1 · AI score 6 · EPSS 0.00058
Exploits 1 · References 5

NVD · added 2026/04/05 9:16 p.m. · 2 views

CVE-2019-25664

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

CVSS 7.1 · EPSS 0.00058
Exploits 1 · References 4

CVE · added 2026/04/05 8:45 p.m. · 3 views

CVE-2019-25664

CVE-2019-25664 affects SuiteCRM 7.10.7. A time-based SQL injection exists in the Records parameter of the Users module DetailView, enabling authenticated attackers to influence database queries by appending SQL to the record parameter in GET requests to index.php. This can be used to extract sens...

CVSS 7.1 · AI score 6 · EPSS 0.00058
Exploits 1 · References 4 · Affected Software 1

Vulnrichment · added 2026/04/05 8:45 p.m. · 0 views

CVE-2019-25664 SuiteCRM 7.10.7 SQL Injection via record Parameter

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

CVSS 7.1 · AI score 6 · EPSS 0.00058
Exploits 1 · References 4

Cvelist · added 2026/04/05 8:45 p.m. · 18 views

CVE-2019-25664 SuiteCRM 7.10.7 SQL Injection via record Parameter

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

CVSS 7.1 · EPSS 0.00058
Exploits 1 · References 4

Positive Technologies · added 2026/04/05 12:0 a.m. · 3 views

PT-2026-30473

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

CVSS 7.1 · AI score 6 · EPSS 0.00058
Exploits 1 · References 5

EUVD · added 2026/01/29 2:28 p.m. · 2 views

EUVD-2020-30917

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

CVSS 8.2 · AI score 6 · EPSS 0.00082
Exploits 0 · References 3

Cvelist · added 2026/01/29 2:28 p.m. · 37 views

CVE-2020-37006 berliCRM 1.0.24 - 'src_record' SQL Injection

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

CVSS 8.2 · EPSS 0.00082
Exploits 0 · References 3

CNNVD · added 2026/01/29 12:0 a.m. · 1 view

BerliCRM SQL Injection Vulnerability

berliCRM is a customer management system developed by the German company berliCRM. Version 1.0.24 of berliCRM contains a SQL injection vulnerability. This vulnerability stems from the srcrecord parameter in the index.php endpoint, which may lead to manipulation of database queries...

CVSS 8.2 · AI score 5.8 · EPSS 0.00082
Exploits 0 · References 3

Positive Technologies · added 2026/01/29 12:0 a.m. · 3 views

PT-2026-5281

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

CVSS 8.2 · AI score 6 · EPSS 0.00082
Exploits 0 · References 4

Positive Technologies · added 2025/12/23 12:0 a.m. · 3 views

PT-2025-52728

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0 Description: A security flaw exists in itsourcecode Student Management System 1.0. The issue involves SQL injection within the /record.php file, triggered by manipulating the ID argument. This...

CVSS 9.8 · AI score 7.2 · EPSS 0.00028
Exploits 1 · References 11

OSV · added 2024/12/26 6:15 a.m. · 0 views

CVE-2024-12938

A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The...

CVSS 9.1 · AI score 5.8
Exploits 0 · References 4

CNNVD · added 2024/12/26 12:0 a.m. · 3 views

Code-Projects Simple Admin Panel Security Vulnerability

Code-Projects Simple Admin Panel is a simple open-source admin panel from Code-Projects. A security vulnerability exists in Code-Projects Simple Admin Panel version 1.0, which stems from a SQL injection vulnerability in the record parameter of the editItemForm.php file...

CVSS 9.8 · AI score 7 · EPSS 0.00109
Exploits 0 · References 5

CNNVD · added 2024/12/26 12:0 a.m. · 2 views

Code-Projects Simple Admin Panel Injection Vulnerability

Code-Projects Simple Admin Panel is a simple open-source admin panel from Code-Projects. An injection vulnerability exists in Code-Projects Simple Admin Panel version 1.0, which stems from an SQL injection vulnerability in the record parameter of the updateOrderStatus.php file...

CVSS 9.1 · AI score 7 · EPSS 0.00076
Exploits 1 · References 4

Positive Technologies · added 2024/07/10 12:0 a.m. · 3 views

PT-2024-28811 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in idccms. The vulnerability can be exploited via the "/admin/moneyRecord deal.php" endpoint, specifically when the mudi parameter is set to "delRecord"...

CVSS 8.8 · AI score 6.7 · EPSS 0.00067
Exploits 0 · References 7

CNNVD · added 2024/04/10 12:0 a.m. · 2 views

Student Management System Cross-Site Scripting Vulnerability

Student Management System is a simple web-based student management software. A cross-site scripting vulnerability exists in Student Management System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the FirstRecord parameter of the unitsview.php...

CVSS 6.1 · AI score 6.2 · EPSS 0.00148
Exploits 1 · References 5

Positive Technologies · added 2024/04/09 12:0 a.m. · 1 view

PT-2024-26431 · Campcodes · Campcodes Complete Online Student Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online Student Management System version 1.0 Description: A problematic vulnerability has been found in the attendance view.php file, where the manipulation of the FirstRecord argument leads to cross-site scripting. This...

CVSS 6.1 · AI score 6.7 · EPSS 0.00218
Exploits 1 · References 8

NVD · added 2007/07/06 7:30 p.m. · 15 views

CVE-2007-3598

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...

CVSS 5.5 · AI score 6.5 · EPSS 0.00266
Exploits 0 · References 4