1135 matches found
PT-2024-2985 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 775 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows an attacker to perform SQL injections even if...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image zooming. A SQL injection vulnerability exists in PrestaShow Google Integrator versions prior to 2.1.4, which originates from...
CVE-2024-0267
A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The atta...
Kashipara Food Management System SQL Injection Vulnerability
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in version 1.0 of the Kashipara Food Management System, which is caused by a lack of validation of externally entered SQL statements in the id parameter of the partylisteditsubmit.php...
Travel Website SQL Injection Vulnerability
Travel Website is a PHP-based travel website. A SQL injection vulnerability exists in Travel Website v1.0, which occurs when the hotelIDHidden parameter on the generateReceipt.php page is processed without filtering the data and sent to the database for processing...
CVE-2023-52132
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify. This issue affects WP Adminify: from n/a through 3.1.6...
Yaztek Software Technologies and Computer Systems E-Commerce Software SQL Injection Vulnerability
Yaztek Software Technologies and Computer Systems E-Commerce Software is an e-commerce system from Yaztek Software Technologies and Computer Systems. A security vulnerability exists in Yaztek Software Technologies and Computer Systems E-Commerce Software 20231229 and earlier versions, which stems...
PT-2023-31685 · Unknown · Nasirahmed Advanced Form Integration
Name of the Vulnerable Software and Affected Versions: Nasirahmed Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms versions n/a through 1.75.0 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL...
PT-2023-31688 · WordPress · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder for WordPress versions through 2.14.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitati...
WordPress Plugin 404 Solution SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin 404 Solution suffers from ...
WordPress Plugin JS Help Desk SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress Plugin Booking Calendar SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists ...
PT-2023-15390 · Filerun · Filerun
Name of the Vulnerable Software and Affected Versions: FileRun version 20220519 Description: The issue allows SQL Injection via the dir parameter in a "/?module=users&section=cpanel&page=list" API endpoint. This could potentially lead to unauthorized access to sensitive data. Recommendations: For...
CVE-2023-44481
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database...
Projectworlds Online Examination System SQL Injection Vulnerability
Projectworlds Online Examination System is an online examination system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Online Examination System v1.0, which originates from the "email" parameter of update.php that does not validate incoming characters and sends th...
CVE-2023-47852
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Link Whisper Link Whisper Free. This issue affects Link Whisper Free: from n/a through 0.6.5...
Online Voting System SQL Injection Vulnerability
Online Voting System is an online voting system by the individual developer Carlo Montero. A SQL injection vulnerability exists in Online Voting System Project v1.0, which stems from the username parameter in loginaction.php that does not validate received characters and is sent to the database...
WordPress Plugin CM Popup SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin CM Popup...
WordPress Plugin Cryptocurrency Payment & Donation Box SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
CVE-2023-48764
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection – Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection – Stop Brute Force Attacks: from n/a through 2.2.5...