1135 matches found
PT-2022-17099 · WordPress · Wp Statistics
Name of the Vulnerable Software and Affected Versions: WP Statistics versions up to and including 13.1.5 Description: The issue is related to SQL Injection due to insufficient escaping and parameterization of the current page id parameter found in the /includes/class-wp-statistics-hits.php file...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, maintained by the Vulhub project. The repository contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and more, which can be used for testing and training purposes. The environment is...
PT-2022-11936 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 7.0.1-42218-2 Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection, in the Security Management functionality...
CVE-2021-46198
An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app...
PT-2022-12632 · Sourcecodester · Employee/Visitor Gate Pass Logging System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Employee and Visitor Gate Pass Logging System version 1.0 Description: An SQL Injection issue exists via the username parameter. Recommendations: For version 1.0, avoid using the username parameter in the affected API endpoint...
Sourcecodester Simple Music Cloud Community System SQL Injection Vulnerability
Sourcecodester Simple Music Cloud Community System is a simple music cloud community system. Sourcecodester Simple Music Cloud Community System has a SQL injection vulnerability in version v1.0, which arises because the product's /music/ajax.php page fails to properly filter the email parameter f...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities. A remote malicious party could potentially exploit these vulnerabilities to perform a Cross-Site Scripting (XSS) attack and SQL Injection. WordPress developers have released updates to fix the...
Panorama Mobile One Time Password SQL Injection Vulnerability
Panorama Mobile One Time Password (MOTP) is a mobile dynamic password system from China Panorama. With a solid two-factor authentication mechanism and the constantly changing nature of OTP dynamic passwords, it effectively addresses the problem of account and password theft, to ensure the security of...
PT-2021-24187 · Unknown · Phpgurukul Employee Record Management System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Employee Record Management System version 1.2 Description: The issue allows an attacker to bypass authentication via SQL injection in the index.php file, potentially granting access to an admin account. This could enable the attack...
Genesys Intelligent Workload Distribution SQL Injection Vulnerability
Genesys Intelligent Workload Distribution (iWD) is an application from Genesys, Inc. It can be used with the Genesys Customer Interaction Management (CIM) platform to assign tasks to the resources best suited to handle them. A SQL injection vulnerability exists in Genesys Intelligent Workload...
WordPress and WordPress Plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in The Email Before...
CVE-2021-24758
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...
PT-2021-23073 · Zoho · Zoho Manageengine Network Configuration Manager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Network Configuration Manager versions prior to 125465 Description: The issue is related to SQL Injection in the hardware details search function. Recommendations: For versions prior to 125465, update to a version that...
CVE-2021-33701
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...
CVE-2020-7819
A SQL Injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL queries to access username, password and other session-related information...
exploits
exploits Published PoCs can be found at exploitdb.comh...
CVE-2021-36351
SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php...
Claroty Secure Remote Access SQL Injection Vulnerability
Claroty Secure Remote Access is a core component of the Claroty Platform from Claroty, Inc. that provides frictionless, reliable and highly secure remote access for OT environments. A SQL injection vulnerability exists in Claroty Secure Remote Access that stems from an SQL injection vulnerability...
LMA-ISIDA Retriever SQL Injection Vulnerability
LMA-ISIDA Retriever is an application from the Russian company LMA-ISIDA. It provides management and information support at enterprise and regional scale. A security vulnerability exists in LMA ISIDA Retriever 5.2, which arises from a lack of proper validation of user-entered data by a network system ...
Vulnerabilities fixed in Aruba ClearPass Policy Manager
Vulnerabilities have been fixed in Aruba ClearPass Policy Manager. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS); Remote code execution; Administrator/Root privileges; SQL Injection; Increase...