649 matches found

CVE
added 2024/03/21 10:39 p.m. · 56 views

CVE-2024-2453

CVE-2024-2453 affects Advantech WebAccess/SCADA (browser-based SCADA). The vulnerability is an SQL Injection in WebAccess/SCADA: an authenticated attacker can remotely inject SQL code into the database, potentially reading or modifying data on the remote database. Affected product/version: WebAcc...

CVSS 6.4 · AI score 6.6 · EPSS 0.00091
Exploits: 0 · References: 1

BDU FSTEC
added 2024/02/28 12:0 a.m. · 2 views

A vulnerability in the monitoringwizard.php file of an IT infrastructure monitoring tool allows a malicious actor to execute arbitrary SQL queries.

The vulnerability in the monitoringwizard.php file of an IT infrastructure monitoring tool is related to the possibility of command injection. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 6.5 · AI score 8.1 · EPSS 0.39098
Exploits: 5 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/02/08 12:0 a.m. · 3 views

PT-2024-20422 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0
Description: The issue allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the "login.php" component. This enables the attacker to manipulate the...

AI score 8.7
Exploits: 3 · References: 7

Positive Technologies
added 2024/01/13 12:0 a.m. · 2 views

PT-2024-15600 · Taokeyun · Taokeyun

Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5
Description: A critical issue was found in the HTTP POST Request Handler component, specifically affecting the function index of the file application/index/controller/app/Task.php. The manipulation of the cid...

CVSS 9.8 · AI score 7 · EPSS 0.00052
Exploits: 0 · References: 6

OSV
added 2024/01/07 11:15 p.m. · 2 views

CVE-2024-0287

A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to SQL injection. The attack may be launched remotely. The exploit has...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 3

VulnCheck KEV
added 2023/11/18 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify a UNC path for the database file i.e.,...

CVSS 9.8 · AI score 7.3 · EPSS 0.78409
Exploits: 0 · References: 1

OSV
added 2023/10/04 4:15 p.m. · 2 views

CVE-2022-36276

TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...

CVSS 9.8 · AI score 5.9 · EPSS 0.00208
Exploits: 0 · References: 1

Positive Technologies
added 2023/10/04 12:0 a.m. · 2 views

PT-2023-5692 · D Link · D-Link D-View

Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified
Description: This issue allows remote attackers to bypass authentication on affected installations of D-Link D-View. The specific flaw exists within the InstallApplication class, which contains a...

CVSS 10 · AI score 7.3 · EPSS 0.0102
Exploits: 0 · References: 9

OSV
added 2023/09/25 2:15 a.m. · 1 views

CVE-2023-5152

UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to SQL injection. The attack m...

CVSS 6.5 · AI score 5.6 · EPSS 0.00405
Exploits: 1 · References: 4

OSV
added 2023/07/07 12:15 p.m. · 2 views

CVE-2023-3534

A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file checkavailability.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has bee...

CVSS 7.5 · AI score 5.8 · EPSS 0.00069
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/14 12:0 a.m. · 3 views

PT-2023-20839 · Unknown · Sourcecodester Billing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Billing Management System version 1.0
Description: A critical vulnerability was found in the SourceCodester Billing Management System. This issue affects the file editproduct.php of the component GET Parameter Handler. The...

CVSS 8.8 · AI score 8.1 · EPSS 0.00316
Exploits: 1 · References: 6

Tenable Nessus
added 2023/05/13 12:0 a.m. · 30 views

MariaDB 10.8.0 < 10.8.8

The version of MariaDB installed on the remote host is prior to 10.8.8. It is, therefore, affected by a vulnerability as referenced in the 10.8.8 advisory. - MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spiderdbmbase::printwarnings to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00141
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/18 12:0 a.m. · 3 views

PT-2023-9169 · Unknown · Schuhfried

Name of the Vulnerable Software and Affected Versions: SCHUHFRIED version 8.22.00
Description: The issue is related to the use of hardcoded credentials in the SCHUHFRIED system, which can be exploited by a remote attacker to obtain access to protected information using a specially crafted curl...

CVSS 9.8 · AI score 9.1 · EPSS 0.00388
Exploits: 1 · References: 8

OSV
added 2023/02/27 12:15 p.m. · 2 views

CVE-2023-1058

A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to SQL injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS 8.8 · AI score 5.7 · EPSS 0.00291
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 6:18 a.m. · 3 views

SUSE CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...

CVSS 7.5 · AI score 8.3 · EPSS 0.04133
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:0 a.m. · 11 views

SUSE CVE-2016-5843

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System OTRS allow remote attackers to execute arbitrary SQL commands via crafted search parameters...

CVSS 9.4 · AI score 8.8 · EPSS 0.00673
Exploits: 0 · References: 3

OSV
added 2023/01/27 11:15 a.m. · 2 views

CVE-2023-0534

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expensereport.php. The manipulation of the argument todate leads to SQL injection. It is possible to initiate the attack...

CVSS 4.7 · AI score 5.7
Exploits: 0 · References: 3

Positive Technologies
added 2023/01/19 12:0 a.m. · 3 views

PT-2023-15094 · Nexusphp · Nexusphp

Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the conuser parameter in "takeconfirm.php", the delcheater parameter in "cheaterbox.php", or the user...

CVSS 9.8 · AI score 8.6 · EPSS 0.02775
Exploits: 1 · References: 6

OSV
added 2023/01/18 1:15 a.m. · 2 views

CVE-2022-45444

Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access...

CVSS 9.8 · AI score 5.8 · EPSS 0.00566
Exploits: 0 · References: 1

ATTACKERKB
added 2022/12/03 6:15 p.m. · 1 views

CVE-2022-4277

A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed t...

CVSS 9.8 · AI score 5.5 · EPSS 0.0031
Exploits: 1 · References: 3