851 matches found
CVE-2023-37628
Online Piggery Management System 1.0 is vulnerable to SQL Injection...
Best pos management system SQL注入漏洞
Best pos management system is a best pos management system by Mayuri K. Individual developer. A SQL injection vulnerability exists in Best POS Management System version 1.0, which stems from the parameter username in the file adminclass.php that can lead to sql injection...
DOOR Property Cloud Platform Management Center SQL注入漏洞
DOOR Property Cloud Platform Management Center is a property cloud platform management center of China DOOR Corporation. A security vulnerability exists in DOOR Property Cloud Platform Management Center version 1.0, which originates from an SQL injection vulnerability...
The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input data during the generation of web pages, as well as the improper neutralization of special elements used in SQL commands. This allows attackers to execute arbitrary SQL queries in the database.
The vulnerability of the GLPI application’s request and incident handling system lies in the insufficient cleaning of user data at the final inventory registration stage. A user who has not undergone identity verification can send specially created requests to the vulnerable application and execu...
Webkil QloApps SQL注入漏洞
Webkil QloApps is free open source hotel booking and online reservation system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a SQL injection vulnerability in the GET parameter. An attacker can exploit the vulnerability to bypass the authentication and...
Thinking Software Technology Efence SQL注入漏洞
Thinking Software Technology Efence is a mobile device management solution from China-based Thinking Software Technology. A SQL injection vulnerability exists in Thinking Software Technology Efence due to a login function that does not validate user-entered parameters...
CVE-2021-4340
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listingid’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-33762
eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter...
PT-2023-12143 · Unknown · Fighting Cock Information System
Name of the Vulnerable Software and Affected Versions: Fighting Cock Information System version 1.0 Description: A SQL Injection issue allows a remote attacker to obtain sensitive information via the 'edit breed.php' parameter. Recommendations: For Fighting Cock Information System version 1.0,...
PT-2023-24194 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4 Description: A SQL injection issue was discovered in the...
Pimcore SQL注入漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...
Online Voting System SQL注入漏洞
Campcodes Advanced Online Voting System is an online voting system. The Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter description of the file /admin/positionsadd.ph...
PT-2023-17375 · Sourcecodester · Sourcecodester Best Online News Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical issue was found in the file /admin/forgot-password.php, specifically in the POST Parameter Handler component. The manipulation of the username argument leads to SQL...
BP Monitoring Management System SQL注入漏洞
BP Monitoring Management System is a web-based application by the individual developer of phpgurukul. A SQL injection vulnerability exists in HPGurukul BP Monitoring Management System version 1.0. The vulnerability stems from a SQL injection vulnerability in the name/mobno parameter...
PT-2023-17356 · Sourcecodester · Sourcecodester Simple/Beautiful Shopping Cart System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple and Beautiful Shopping Cart System version 1.0 Description: A critical issue was found in the delete user query.php file, where the manipulation of the user id argument leads to SQL injection. The attack can be initiated...
Young Entrepreneur E-Negosyo System SQL注入漏洞
Young Entrepreneur E-Negosyo System is a Young Entrepreneur E-Negosyo System for janobe individual developers. A security vulnerability exists in SourceCodester Young Entrepreneur E-Negosyo System version 1.0, which stems from an incorrect manipulation of the parameter UUSERNAME resulting in sql...
Utarit Information Technologies Persolus SQL注入漏洞
Utarit Information Technologies Persolus is an application from Utarit Information Technologies. A security vulnerability exists in Utarit Information Technologies Persolus versions prior to 2.03.93 that stems from the presence of a SQL injection vulnerability...
CVE-2023-1251
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03...
Intern Record System SQL注入漏洞
Intern Record System is an intern record system from the individual developers at Codeprojects. A security vulnerability exists in Intern Record System version 1.0. An attacker can exploit this vulnerability to execute arbitrary code and obtain sensitive information...
PT-2023-10256 · Webbuilders · Silverstripe-Kapost-Bridge
Name of the Vulnerable Software and Affected Versions: webbuilders-group silverstripe-kapost-bridge version 0.3.3 Description: A critical issue has been found, affecting the index/getPreview function of the file code/control/KapostService.php. This issue leads to sql injection and can be launched...