
649 matches found

Positive Technologies
added 2024/12/09 12:0 a.m. · 2 views

PT-2024-36440 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/edit user.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database via the...

9.8 CVSS · 8.6 AI score · 0.00978 EPSS
Exploits 1 · References 6

Vulnrichment
added 2024/12/09 12:0 a.m. · 9 views

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

10 AI score · 0.0054 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/11/08 12:0 a.m. · 2 views

PT-2024-34342 · Unknown · Elefant Firebird

Name of the Vulnerable Software and Affected Versions: Elefant Firebird database versions prior to 24.03.03 Description: An unauthenticated attacker with access to the local network of a medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database...

9.8 CVSS · 7.4 AI score · 0.00375 EPSS
Exploits 0 · References 8

OSV
added 2024/10/15 1:15 p.m. · 2 views

CVE-2024-48280

A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request...

7.6 CVSS · 6.1 AI score · 0.0097 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/10/15 12:0 a.m. · 3 views

PT-2024-39974 · Code Projects · Code-Projects Pharmacy Management System

Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A critical issue has been discovered, affecting the file /php/manage customer.php. The manipulation of the text argument leads to SQL injection. This issue can be exploited...

9.8 CVSS · 7.1 AI score · 0.00182 EPSS
Exploits 1 · References 8

Positive Technologies
added 2024/10/15 12:0 a.m. · 1 view

PT-2024-33068 · Unknown · Phpgurukul User Registration & Login/User Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 3.2 Description: A SQL Injection issue was found in the /password-recovery.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized...

7.6 CVSS · 9.4 AI score · 0.01581 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/10/10 12:0 a.m. · 2 views

PT-2024-39840 · Unknown · Lylme Spage

Name of the Vulnerable Software and Affected Versions: LyLme spage version 1.9.5 Description: A critical issue affects the processing of the file /admin/apply.php. The manipulation of the id argument leads to SQL injection. The attack can be initiated remotely. Recommendations: For LyLme spage...

7.2 CVSS · 5.9 AI score · 0.00172 EPSS
Exploits 1 · References 9

Positive Technologies
added 2024/09/29 12:0 a.m. · 2 views

PT-2024-39577 · Sourcecodester · Sourcecodester Advocate Office Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Advocate Office Management System version 1.0 Description: A critical issue affects the processing of the file /control/edit client.php, where the manipulation of the id argument leads to SQL injection. The attack can be...

9.8 CVSS · 7.1 AI score · 0.00077 EPSS
Exploits 1 · References 10

OSV
added 2024/08/06 3:15 a.m. · 1 view

CVE-2024-7499

A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file flights.php. The manipulation of the argument departureairportid leads to sql injection. The attack can be launched...

9.8 CVSS · 5.7 AI score · 0.00197 EPSS
Exploits 1 · References 4

OSV
added 2024/07/31 1:15 a.m. · 1 view

CVE-2024-7278

A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/teamsave.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

7.2 CVSS · 5.7 AI score · 0.00161 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2024/07/25 12:0 a.m. · 1 view

The vulnerability of the templateadd.php file in the Tailoring Management System allows a malicious individual to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.

The vulnerability of the templateadd.php file in the Tailoring Management System relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code, gain unauthorized access to read, modify, ...

6.5 CVSS · 7 AI score · 0.00056 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/05/20 8:15 a.m. · 1 view

CVE-2024-5134

A vulnerability was found in SourceCodester Electricity Consumption Monitoring Tool 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bill.php. The manipulation of the argument bill leads to sql injection. The attack can be initiated...

9.8 CVSS · 6.5 AI score · 0.00197 EPSS
Exploits 1 · References 4

OSV
added 2024/05/20 12:15 a.m. · 2 views

CVE-2024-5107

A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/studentpaymentdetails2.php. The manipulation of the argument index leads to sql injection. The attack may be...

6.5 CVSS · 6.4 AI score · 0.00157 EPSS
Exploits 1 · References 4

OSV
added 2024/05/16 4:15 p.m. · 3 views

CVE-2024-4609

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

9.8 CVSS · 5.8 AI score · 0.00075 EPSS
Exploits 0 · References 1

NVD
added 2024/05/16 4:15 p.m. · 7 views

CVE-2024-4609

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

9.8 CVSS · 6.9 AI score · 0.00075 EPSS
Exploits 0 · References 1

Cvelist
added 2024/05/16 3:13 p.m. · 18 views

CVE-2024-4609 Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

8.8 CVSS · 7.2 AI score · 0.00075 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/05/16 3:13 p.m. · 14 views

CVE-2024-4609 Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

8.8 CVSS · 7.3 AI score · 0.00075 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/16 12:0 a.m. · 2 views

PT-2024-3630 · Rockwell Automation · Factorytalk View Se

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk View SE Datalog function Description: A threat actor could inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. This could result in...

9.8 CVSS · 7.8 AI score · 0.00075 EPSS
Exploits 0 · References 15

CNNVD
added 2024/04/04 12:0 a.m. · 2 views

ITB-GmbH TradePro Security Vulnerability

ITB-GmbH TradePro is a complete B2B e-shop from ITB-GmbH. A security vulnerability exists in ITB-GmbH TradePro v9.5. A remote attacker exploits the vulnerability to run SQL queries via the oordershow component in the customer function...

9.8 CVSS · 7.4 AI score · 0.00241 EPSS
Exploits 1 · References 2

NVD
added 2024/03/21 11:15 p.m. · 11 views

CVE-2024-2453

There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database...

6.4 CVSS · 6.6 AI score · 0.00091 EPSS
Exploits 0 · References 1