291 matches found
Nagios XI < 5.11.3 - SQL Injection
SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool. id: CVE-2023-48084 info: name: Nagios XI 5.11.3 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk...
Cuppa CMS v1.0 - SQL injection
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. id: CVE-2022-27985 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was discovered to contain a SQL injection...
Hoteldruid v3.0.5 - SQL Injection
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php. id: CVE-2023-43374 info: name: Hoteldruid v3.0.5 - SQL Injection author: ritikchaddha severity: critical description: | Hoteldruid v3.0.5 was discovered to...
PrestaShop AdvancedPopupCreator - SQL Injection
In the module “Advanced Popup Creator” advancedpopupcreator from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-27032 info: name: PrestaShop AdvancedPopupCreator - SQL Injection author: MaStErChO severity: critical description: | In the module...
QloApps 1.6.0 - SQL Injection
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters datefrom, dateto, and idproduct allows a remote attacker to retrieve the contents of an entire database. id: CVE-2023-36284 info: name: QloApps 1.6.0 - SQL Injection author: ritikchaddha severity: high...
Nagios XI v5.11.0 - SQL Injection
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php. id: CVE-2023-40931 info: name: Nagios XI v5.11.0 - S...
74cms - ajax_street.php 'key' SQL Injection
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajaxstreet.php. id: CVE-2020-22211 info: name: 74cms - ajaxstreet.php 'key' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajaxstreet.php. impact: | Successf...
AnteeoWMS < v4.7.34 - SQL Injection
A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB. id: CVE-2024-44349 info: name: AnteeoWMS v4.7.34 - SQL Injection author:...
rConfig 3.9.4 - SQL Injection
rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10548 info: name: rConfig 3.9.4...
bloofoxCMS v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. id: CVE-2023-34751 info: name: bloofoxCMS v0.5.2.1 - SQL Injection author: theamanrawat severity: critical description: | bloofox v0.5.2.1 was...
WordPress Stop Bad Bots <6.930 - SQL Injection
WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbotsgravafingerprint AJAX action, available to unauthenticated users. An attacker can...
Atom CMS v2.0 - SQL Injection
AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminajaxpages.php id: CVE-2022-28032 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMSadminajaxpages.php impact: | Successful exploitation...
Infographic Maker iList < 4.3.8 - SQL Injection
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. id: CVE-2022-0747 info:...
WordPress BadgeOS <=3.7.0 - SQL Injection
WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operatio...
NagiosXI <= 5.4.12 `commandline.php` SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. id: CVE-2018-10735 info: name: NagiosXI = 5.4.12 commandline.php SQL injection author: DhiyaneshDk severity: high description: | A SQL injection issue was discovered in Nagios XI before...
NagiosXI <= 5.4.12 logbook.php SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. id: CVE-2018-10737 info: name: NagiosXI = 5.4.12 logbook.php SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4....
NagiosXI <= 5.4.12 menuaccess.php - SQL injection
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. id: CVE-2018-10738 info: name: NagiosXI = 5.4.12 menuaccess.php - SQL injection author: DhiyaneshDk severity: high description: | A SQL injection issue was discovered in Nagios XI befor...
JeecgBoot 3.5.0 - SQL Injection
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. id: CVE-2023-34659 info: name: JeecgBoot 3.5.0 - SQL Injection author: ritikchaddha severity: critical description: | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection...
DedeCMS 5.7 - SQL Injection
DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. id: CVE-2017-17731 info: name: DedeCMS 5.7 - SQL Injection author: j4vaovo severity: critical description: | DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. impact: |...
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32022...