Victor CMS SQL Injection Vulnerability (CNVD-2022-18528)
Victor CMS is an open source content management system from Victor Alagwu, a personal developer in Nigeria. A SQL injection vulnerability exists in Victor CMS v1.0, which stems from the fact that the product does not effectively handle or escape special characters in user input data. An attacker...
WordPress Testimonial Plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The vulnerability stems from the failure of the Testimonial plugin to validate and escape befo...
Sourcecodester Hospital Patient Records Management System SQL Injection Vulnerability (CNVD-2022-48763)
Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. Sourcecodester Hospital Patient Record Management System v1.0 is vulnerable to SQL injection. The vulnerability is caus...
Sourcecodester Hospital Patient Records Management System SQL Injection Vulnerability
Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. Sourcecodester Hospital Patient Record Management System v1.0 is vulnerable to SQL injection. The vulnerability is caus...
HMS SQL Injection Vulnerability (CNVD-2022-71116)
HMS is a computer or web-based hospital management system in Bangladesh, useful for managing the operations of a hospital or any medical facility. A SQL injection vulnerability exists in HMS v1.0, which stems from the fact that the product's admin.php page does not effectively filter special...
WordPress Plugin Download Manager SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Download Manager prior to version 3.2.34. The...
WordPress WP_Query SQL Injection (CVE-2022-21661)
An SQL injection vulnerability exists in WordPress WP_Query. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Tongda2000 SQL Injection Vulnerability
A SQL injection vulnerability exists in Tongda2000, a web-based intelligent office system from China Tongda, which originates from the dname parameter in the product's exportdata.php file that does not securely handle special characters in user input data. An attacker can execute malicious SQL...
SourceCodester Online Examination System SQL Injection Vulnerability
SourceCodester Projectworlds Online Examination System is an online examination system from SourceCodester, Inc. Version 1.0 contains a SQL injection vulnerability that stems from the failure of the eid parameter in the product's account.php page to properly filter special characters in user input data...
SourceCodester Employee and Visitor Gate Pass Logging System SQL Injection Vulnerability
SourceCodester Employee and Visitor Gate Pass Logging System is a simple web-based employee and visitor pass logging system that provides companies with an automated platform to track or log the daily records of employees and visitors entering a company building or premises. A SQL injection...
SQL injection
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS is vulnerable to SQL injections...
WordPress Download Monitor Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The WordPress Download Monitor Plugin has a SQL injection vulnerability in versions prior to 4.4.5, which stems from the use...
WordPress Plugin Events Made Easy SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Events Made Easy. The vulnerability stems from the program not properly filtering and...
WordPress Ni WooCommerce Custom Order Status plugin SQL injection vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Ni WooCommerce Custom Order Status plugin, which stems fro...
SQL injection
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...
taocms SQL Injection Vulnerability (CNVD-2021-101663)
Taocms is a micro CMS (content management system) in China. Taocms has a SQL injection vulnerability in version 3.0.2, which stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensiti...
Talariax SendQuick Alertplus Server Admin Information Disclosure Vulnerability
TalariaX Pte Ltd Talariax SendQuick Alertplus Server Admin is a server management system of TalariaX Pte Ltd, Singapore. In versions prior to 4.3 8HF11, a security vulnerability exists in the software where /appliance/shiftmgn.php lacks effective filtering and escaping of user submitted SQL...
WordPress Plugin SQL Injection Vulnerability (CNVD-2021-101472)
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plug-in for WordPress. WordPress Plugin Header Footer Code Manager in the...
LearnPress < 4.1.4 - Admin+ SQL Injection
The plugin does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL injection issues. PoC: Id needs to start with a valid course/lesson/quiz/question ID:...
MariaDB 10.4.0 < 10.4.22 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.4.22. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.4.22 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.35 and...