
3942 matches found

Positive Technologies
added 2024/10/30 12:0 a.m. · 1 views

PT-2024-33193 · Sas · Sas Studio

Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: A SQL injection issue exists in the /SASStudio/sasexec/sessions/sessionID/sql endpoint of SAS Studio, allowing a remote attacker to execute arbitrary SQL commands via the POST body request. This issue is...

CVSS 8.8 · AI score 8.3 · EPSS 0.16061
Exploits: 0 · References: 5
OSV
added 2024/10/27 1:15 p.m. · 2 views

CVE-2024-10416

A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /file/cancel.php. The manipulation of the argument reqid leads to sql injection. The attack may be initiated remotely. The exploit has bee...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 5
NVD
added 2024/10/25 11:15 a.m. · 12 views

CVE-2024-10376

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument UniqueId leads to sql injection. The attack c...

CVSS 9.8 · EPSS 0.00134
Exploits: 1 · References: 4
OSV
added 2024/10/24 10:15 p.m. · 2 views

CVE-2024-10349

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Affected by this issue is the function deletetenant of the file /ajax.php?action=deletetenant. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVSS 9.8 · AI score 5.8 · EPSS 0.00076
Exploits: 1 · References: 5
NVD
added 2024/10/24 6:15 p.m. · 8 views

CVE-2024-10337

A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection. It is possible to launch the attack...

CVSS 7.2 · EPSS 0.00087
Exploits: 1 · References: 3
OSV
added 2024/10/20 9:15 a.m. · 3 views

CVE-2024-10195

A vulnerability was found in Tecno 4G Portable WiFi TR118 V008-20220830. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/goformgetcmdprocess of the component SMS Check. The manipulation of the argument orderby leads to sql injection...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 4
OSV
added 2024/10/19 9:15 a.m. · 2 views

CVE-2024-10133

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can b...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 4
NVD
added 2024/10/15 10:15 a.m. · 10 views

CVE-2024-9974

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=addtocard of the component POST Request Handler. The manipulation of the argument productid leads to s...

CVSS 9.8 · EPSS 0.00197
Exploits: 1 · References: 5
CVE
added 2024/09/28 9:0 p.m. · 52 views

CVE-2024-9317

The CVE-2024-9317 affects SourceCodester Online Eyewear Shop 1.0, specifically the function delete_category in /classes/Master.php?f=delete_category. The vulnerability is an SQL injection triggered by manipulating the id argument, allowing remote exploitation. The public disclosure is noted in th...

CVSS 8.8 · AI score 7.1 · EPSS 0.00106
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/09/22 8:15 a.m. · 1 views

CVE-2024-9085

A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 6.9
Exploits: 0 · References: 5
CVE
added 2024/09/13 12:31 a.m. · 55 views

CVE-2024-8762

CVE-2024-8762 affects code-projects Crud Operation System 1.0. The vulnerability is an SQL injection in the /updatedata.php file caused by unsafe handling of the sid parameter, exploitable remotely. Multiple sources corroborate that the impact can compromise confidentiality, integrity, and availa...

CVSS 9.8 · AI score 7 · EPSS 0.00082
Exploits: 1 · References: 5 · Affected Software: 1
Redos
added 2024/09/11 12:0 a.m. · 6 views

ROS-20240911-18

A vulnerability in the pgdump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to competitive access to a resource race condition. Exploitation of the vulnerability could allo...

CVSS 8.8 · AI score 8.4 · EPSS 0.00743
Exploits: 0
OSV
added 2024/09/07 9:15 p.m. · 3 views

CVE-2024-8564

A vulnerability was found in SourceCodester PHP CRUD 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update.php. The manipulation of the argument tblpersonid/firstname/middlename/lastname leads to sql injection. The attack can be initiated...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 4
CVE
added 2024/09/07 6:31 p.m. · 49 views

CVE-2024-8561

CVE-2024-8561 affects SourceCodester PHP CRUD 1.0, specifically the Delete Person Handler in /endpoint/delete.php. The vulnerability arises from manipulating the person parameter, leading to SQL injection that can be exploited remotely. The connected sources confirm the affected component and att...

CVSS 9.8 · AI score 7.1 · EPSS 0.00096
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2024/09/04 5:31 p.m. · 42 views

CVE-2024-8416

SourceCodester Food Ordering Management System 1.0 contains a SQL injection in /routers/ticket-status.php via the ticket_id parameter. The vulnerability is exploitable remotely and has been disclosed publicly. Root cause: improper handling of the ticket_id input leading to SQL injection. Impact r...

CVSS 9.8 · AI score 7 · EPSS 0.00181
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2024/09/02 12:0 a.m. · 1 views

Huachu Digital Easytest Online Test Platform security vulnerability

Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version 24E01 and earlier, which stems from improper handling of the uid parameter and could allow a remote attacker to...

CVSS 9.8 · AI score 7.8 · EPSS 0.00457
Exploits: 0 · References: 2
CNNVD
added 2024/09/02 12:0 a.m. · 1 views

Huachu Digital Easytest Online Test Platform security vulnerability

Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version 24E01 and prior versions, which originates from allowing remote authenticated users to execute arbitrary SQL command...

CVSS 8.8 · AI score 7.9 · EPSS 0.00457
Exploits: 0 · References: 2
OSV
added 2024/08/29 1:15 p.m. · 3 views

CVE-2024-8301

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can b...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 4
CVE
added 2024/08/25 9:0 a.m. · 100 views

CVE-2024-8147

The CVE-2024-8147 entry concerns the code-projects Pharmacy Management System version 1.0. The vulnerability arises in the handling of the parameter id in the endpoint "/index.php?action=editPharmacist", where unsanitized input leads to SQL injection. This can be exploited remotely and is classi...

CVSS 8.8 · AI score 6.9 · EPSS 0.00073
Exploits: 1 · References: 5 · Affected Software: 1
NVD
added 2024/08/25 8:15 a.m. · 75 views

CVE-2024-8146

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 · EPSS 0.00104
Exploits: 1 · References: 5