WordPress Alt Text AI plugin <= 1.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Download Alt Text AI versions = 1.4.9...

Human Resource Management System 安全漏洞

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Sourcecodester Human Resource Management System version 1.0, which stems from vulnerability to SQL injection attacks...

WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.102 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 1.5.102...

BlueNet Technology Clinical Browsing System SQL注入漏洞

BlueNet Technology Clinical Browsing System is a clinical browsing system from BlueNet Technology USA. An SQL injection vulnerability exists in BlueNet Technology Clinical Browsing System version 1.2.1, which stems from an incorrect manipulation of the parameter name that can lead to sql injectio...

Exploit for SQL Injection in Hsclabs Mailinspector

CVE-2024-32369 Description: SQL Injection vulnerability i...

campcodes Complete Web-Based School Management System 安全漏洞

Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the campcodes Complete Web-Based School Management System due to an SQL injection vulnerability in the friendindex parameter of the...

campcodes Complete Web-Based School Management System 安全漏洞

Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the campcodes Complete Web-Based School Management System, which results from an SQL injection vulnerability in the eventid paramete...

PT-2024-25245

Name of the Vulnerable Software and Affected Versions The Timetable and Event Schedule by MotoPress plugin for WordPress versions up to, and including, 2.4.11 Description The issue arises from insufficient escaping on the user-supplied events attribute of the mp-timetable shortcode and lack of...

CVE-2024-3265

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations...

VulnCheck KEV: CVE-2024-27956

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic through 3.92.0...

CVE-2024-30928

SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc...

WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.3.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WooCommerce Multilingual & Multicurrency versions = 5.3.3.1...

WordPress Icegram Express plugin <= 5.7.14 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.14...

WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ SQL Injection vulnerability

Subscriber+ SQL Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin User Activity Log Pro versions = 2.3.4...

WordPress Disable Comments | WPZest plugin <= 1.51 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Disable Comments | WPZest versions = 1.51...

WordPress Forms to Zapier plugin <= 1.1.12 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook versions = 1.1.12...

WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Realtyna Organic IDX plugin versions = 4.14.4...

Campcodes House Rental Management System SQL注入漏洞

Campcodes House Rental Management System is a house rental management system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes House Rental Management System, which results from an SQL injection in the id parameter of the viewpayment.php file...

CVE-2024-3540

A vulnerability was found in Campcodes Church Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/addsundaysch.php. The manipulation of the argument Gender leads to sql injection. The attack may be launched remotely. The...

Church Management System SQL注入漏洞

Church Management System is a church management system. A SQL injection vulnerability exists in version 1.0 of the Church Management System, which stems from an SQL injection vulnerability in the na parameter of the /admin/addTithes.php file...