Agentejo Cockpit <0.12.0 - NoSQL Injection
Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form. id: CVE-2020-35848 info: name: Agentejo Cockpit 0.12.0 - NoSQL Injection author: dwisiswant0 severity: critical...
rConfig 3.9.4 - SQL Injection
rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10546 info: name:...
CodeAstro Student Attendance Management System Injection Vulnerability
CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter classId ...
CVE-2026-39329
CVE-2026-39329 – ChurchCRM SQL injection: Affected: ChurchCRM prior to 7.1.0. Description: Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerability occurs in the ON DUPLICATE KEY UPDATE path where unescaped user ...
CVE-2025-8986 SourceCodester COVID 19 Testing Management System search-report-result.php sql injection
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit...
CVE-2024-53438
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL command...
CVE-2024-44546
PowerJob is affected by a SQL injection vulnerability present in version parameter handling for PowerJob 3.20 and later. The issue is described across multiple sources (NVD/Red Hat/Veracode/CVE lists; PT Security) as a vulnerability in PowerJob >= 3.20 that allows SQL injection via the version...
CVE-2024-48878
Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report...
CVE-2024-51064
Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php...
CVE-2024-45767
Dell OpenManage Enterprise (OME) before 4.2.0 contains an SQL injection vulnerability due to improper neutralization of special elements in SQL commands. A low-privilege, remote attacker could cause information disclosure. Publicly documented in CVE-2024-45767 and corroborated by NVD/CVEC/Vuln en...
CVE-2024-7099 SQL Injection in netease-youdao/qanything
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...
CVE-2024-8669 Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuplywpclonesql function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficien...
CVE-2024-45622
ASIS aka Aplikasi Sistem Sekolah using CodeIgniter 3 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass...
CVE-2024-6748 SQL Injection
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring...
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-34989
In the module RSI PDF/HTML catalog evolution prestapdf = 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via PrestaPDFProductListModuleFrontController::queryDb...
GHSA-QF36-FX9F-232X ZendFramework potential SQL Injection Vector When Using PDO_MySql
Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue, which is described in more detail here:...
CVE-2024-35563
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions...
CVE-2024-4932 SourceCodester Simple Online Bidding System sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.php?page=manageuser. The manipulation of the argument id leads to sql injection. It is possible to...
CVE-2024-25524
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx...