1135 matches found
WordPress Zoho Marketing Automation plugin <= 1.2.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Zoho Marketing Automation versions <= 1.2.7...
CVE-2024-6216
A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file add-users.php. The manipulation of the argument contact leads to SQL injection. It is possible to launch the attack remotely. The exploit has be...
WordPress Themify - WooCommerce Product Filter plugin <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability
WordPress Themify - WooCommerce Product Filter plugin <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Themify – WooCommerce Product Filter versions <= 1.4.9...
PT-2024-26863
Name of the Vulnerable Software and Affected Versions: WP Hotel Booking plugin for WordPress versions up to, and including, 2.1.0 Description: The issue allows for SQL Injection via the room type parameter of the "/wphb/v1/rooms/search-rooms" REST API endpoint due to insufficient escaping on the...
Tailoring Management System SQL Injection Vulnerability
Tailoring Management System is a tailoring management system from itsourcecode open source. A SQL injection vulnerability exists in itsourcecode Tailoring Management System version 1.0, which originates from the fact that orderadd.php contains some unknown functions that cause SQL injection via t...
WordPress Media Library Assistant plugin <= 3.16 - Authenticated SQL Injection vulnerability
Authenticated SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Media Library Assistant versions <= 3.16...
House Rental System SQL Injection Vulnerability
House Rental System is a house rental management system that allows you to add, modify and delete property information and to place reservations. A SQL injection vulnerability exists in itsourcecode Online House Rental System version 1.0, which stems from the fact that manageuser.php contains an...
WordPress Slideshow Gallery LITE plugin <= 1.8.1 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Left right image slideshow gallery versions <= 1.8.1...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.4.1 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by 1337Wannabe in WordPress Plugin Blog2Social versions <= 7.4.1...
WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin Visualizer versions <= 3.11.1...
PT-2024-27159 · Unknown · Sourcecodester Stock Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Stock Management System version 1.0 Description: The issue is related to SQL Injection, which can be exploited via the editCategories.php file. This allows for potential unauthorized access to database information...
WordPress wpForo Forum plugin <= 2.3.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin wpForo Forum versions <= 2.3.3...
PT-2024-36495 · WordPress · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player WordPress plugin versions prior to 2.5.27 Description: The issue concerns a failure to sanitize and escape a parameter from a REST route before using it in a SQL statement. This allows unauthenticated users to perform SQL...
CVE-2024-35349
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/category/viewcategory.php. Manipulating the argument id can result in SQL injection...
PT-2024-16692 · Unknown · Digikent Gis
Name of the Vulnerable Software and Affected Versions: DIGIKENT GIS versions through 2.23.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
Campcodes Complete Web-Based School Management System Security Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in the Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the...
Ivanti Endpoint Manager Mobile Security Vulnerability
Ivanti Endpoint Manager Mobile (Ivanti EPMM) is a mobile management software engine from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.1.0.0, which originates from an SQL injection in the web component that allows an authenticat...
Ivanti Endpoint Manager Mobile Security Vulnerability
Ivanti Endpoint Manager Mobile (Ivanti EPMM) is a mobile management software engine from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.1.0.0, which originates from an SQL injection in the web component that allows an authenticat...
CVE-2023-49330
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data...
Campcodes Complete Web-Based School Management System SQL Injection Vulnerability
Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from a SQL injection vulnerability in the grade...