94 matches found

RedhatCVE
added 2025/05/22 6:25 p.m. · 4 views

CVE-2021-25205

SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php...

CVSS 9.8 · AI score 8.6 · EPSS 0.00492
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 12:35 p.m. · 5 views

CVE-2010-1950

SQL injection vulnerability in the Online News Paper Manager comjnewspaper component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the dateinfo parameter to index.php. NOTE: the provenance of this information is unknown; the detail...

CVSS 6.8 · AI score 8.6 · EPSS 0.00122
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:1 a.m. · 6 views

CVE-2013-5121

SQL injection vulnerability in PHPFox before 3.6.0 build6 allows remote attackers to execute arbitrary SQL commands via the searchsortby parameter to user/browse/view/...

CVSS 7.5 · AI score 8.8 · EPSS 0.00926
Exploits: 1 · References: 1

CISA KEV Catalog
added 2025/02/06 12:0 a.m. · 14 views

CyberoamOS (CROS) SQL Injection Vulnerability

CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...

CVSS 9.8 · AI score 8.5 · EPSS 0.10073
In wild · Exploits: 0

VulnCheck KEV
added 2024/10/31 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2020-29574

CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...

CVSS 9.8 · AI score 7.6 · EPSS 0.10073
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/30 12:0 a.m. · 1 view

PT-2024-33193 · Sas · Sas Studio

Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4. Description: A SQL injection issue exists in the /SASStudio/sasexec/sessions/sessionID/sql endpoint of SAS Studio, allowing a remote attacker to execute arbitrary SQL commands via the POST body request. This issue is...

CVSS 8.8 · AI score 8.3 · EPSS 0.16061
Exploits: 0 · References: 5

Redos
added 2024/09/11 12:0 a.m. · 6 views

ROS-20240911-18

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource (race condition). Exploitation of the vulnerability could allo...

CVSS 8.8 · AI score 8.4 · EPSS 0.00743
Exploits: 0

CNNVD
added 2024/09/02 12:0 a.m. · 2 views

Huachu Digital Easytest Online Test Platform Security Vulnerability

Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version 24E01 and earlier, which stems from improper handling of the uid parameter and could allow a remote attacker to...

CVSS 9.8 · AI score 7.8 · EPSS 0.00457
Exploits: 0 · References: 2

CNNVD
added 2024/09/02 12:0 a.m. · 1 view

Huachu Digital Easytest Online Test Platform Security Vulnerability

Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version 24E01 and prior versions, which originates from allowing remote authenticated users to execute arbitrary SQL command...

CVSS 8.8 · AI score 7.9 · EPSS 0.00457
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/15 12:0 a.m. · 3 views

PT-2024-5296

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below. Description: The issue is related to the monitoring module of Zohocorp ManageEngine Exchange Reporter Plus, where the software fails to properly protect the SQL query structur...

CVSS 8.8 · AI score 7.7 · EPSS 0.01217
Exploits: 0 · References: 8

SUSE CVE
added 2023/02/15 6:2 a.m. · 1 view

SUSE CVE-2009-3165

SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters...

CVSS 7.5 · AI score 8.8 · EPSS 0.00328
Exploits: 1 · References: 3

OSV
added 2022/03/30 2:15 a.m. · 3 views

CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS 9.8 · AI score 8.7
Exploits: 0 · References: 3

CNNVD
added 2021/07/30 12:0 a.m. · 1 view

Vinades NukeViet SQL Injection Vulnerability

Vinades NukeViet CMS is an open source content management system (CMS) from Vinades Vietnam. Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the product's modules/news/admin/addtotopics.php page, which fails to filter special characters in input, and an...

CVSS 9.8 · AI score 6 · EPSS 0.00571
Exploits: 1 · References: 4

OSV
added 2021/07/22 5:15 p.m. · 0 views

CVE-2021-26229

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to editstud.php...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 1

OSV
added 2021/03/24 4:15 p.m. · 2 views

CVE-2020-35337

ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...

CVSS 9.8 · AI score 6.1 · EPSS 0.00527
Exploits: 1 · References: 2

OSV
added 2019/10/23 3:15 p.m. · 1 view

CVE-2019-18344

Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 1

OSV
added 2019/02/05 6:29 a.m. · 2 views

CVE-2017-18362

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all...

CVSS 9.8 · AI score 6 · EPSS 0.80299
Exploits: 1 · References: 4

OSV
added 2018/05/23 4:29 p.m. · 1 view

CVE-2018-10351

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...

CVSS 8.8 · AI score 6.1
Exploits: 0 · References: 2

CNVD
added 2017/09/15 12:0 a.m. · 1 view

WordPress Membership Simplified SQL Injection Vulnerability

WordPress Membership Simplified is a WordPress-specific membership plugin developed by American software developer William. A SQL injection vulnerability exists in the code of the membership-simplified-for-oap-members-only/updateDB.php file in WordPress Membership Simplified version 1.58, which...

CVSS 9.8 · AI score 8.6 · EPSS 0.0601
Exploits: 1 · References: 1

CNVD
added 2017/09/15 12:0 a.m. · 1 view

WordPress plugin image-gallery-with-slideshow SQL injection vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. The WordPress plugin image-gallery-with-slideshow has a SQL injection vulnerability that stems from the program failing t...

CVSS 9.8 · AI score 8.2 · EPSS 0.10327
Exploits: 1 · References: 1