649 matches found
CVE-2022-36669
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass...
CVE-2022-39817
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized and unexpected operations against the...
SQL injection
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized and unexpected operations against the...
NOKIA 1350 OMS SQL Injection Vulnerability
NOKIA 1350 OMS is an optical management system from Nokia Finland. A SQL injection vulnerability exists in NOKIA 1350 OMS version R14.2, which can be exploited by an attacker to inject arbitrary SQL statements, modify query syntax and perform unauthorized operations on a remote database...
Readymade Job Portal Script SQL Injection Vulnerability
Readymade Job Portal Script suffers from a remote SQL injection vulnerability. The researcher requested version information from the vendor while reporting the vulnerability but the company has been unresponsive.
Matrimonial PHP Script 1.0 SQL Injection
CVE-2017-20029
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the...
CVE-2022-28862
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized and unexpected operations against the remo...
SQL injection
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized and unexpected operations against the remo...
DEBIAN-CVE-2021-43008
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...
UBUNTU-CVE-2021-43008
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 fixed in version 4.6.3 allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database...
PT-2022-11760 · Adminer · Adminer
Name of the Vulnerable Software and Affected Versions: Adminer versions 1.12.0 through 4.6.2 Description: The issue allows an attacker to achieve arbitrary file read on a remote server by requesting Adminer to connect to a remote MySQL database, due to improper access control. Recommendations: Fo...
CVE-2021-44249
Online Motorcycle Bike Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials...
Apache Log4j Code Issue Vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...
The vulnerability of the “company_filter” parameter in the “user_list” component of the Advantech R-SeeNet monitoring software allows a hacker to execute arbitrary SQL queries.
The vulnerability of the “company_filter” parameter in the “user_list” component of the Advantech R-SeeNet monitoring software for router status and functions is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execu...
Bus Pass Management System 1.0 - (Search) SQL injection Vulnerability
Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS Monterey Version 12.0.1 SQL...
The vulnerability of the Zabbix universal monitoring system, related to improper cleaning of user data in the “hostinventoriesoverview.php” script, allows a hacker to execute arbitrary SQL commands.
The vulnerability of the Zabbix universal monitoring system is related to improper cleaning of user data in the script “hostinventoriesoverview.php”. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending specially crafted queries remotely...
Eaglesoft Trust Management Issue Vulnerability
Eaglesoft is a software application. Eaglesoft is dental software that we call PMS or Practice Management Software. It contains charting information, insurance, patient information, scheduling, scanned documents, and in some cases X-rays if the office is licensed for imaging. Patterson Eaglesoft A...
PT-2021-17127 · Unknown · Phpgurukul Student Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Record System version 4.0 Description: The issue allows remote attackers to execute arbitrary SQL statements. This is achieved via the cid parameter to the "edit-course.php" endpoint. Recommendations: For PHPGurukul Student...