686 matches found

PyPA
added 2024/12/06 12:15 p.m. | 7 views

PYSEC-2024-157

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

9.8 CVSS | 8 AI score | 0.01396 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/12/04 3:0 p.m. | 0 views

UBUNTU-CVE-2024-53908

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

9.8 CVSS | 7.2 AI score | 0.01396 EPSS
Exploits 0 | References 3

CNNVD
added 2024/11/14 12:0 a.m. | 3 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which is caused by an SQL injection in the parameter classname...

7.2 CVSS | 7.8 AI score | 0.0058 EPSS
Exploits 1 | References 1

CNNVD
added 2024/11/12 12:0 a.m. | 2 views

1000 Projects Beauty Parlour Management System injection vulnerability

1000 Projects Beauty Parlour Management System is an open source beauty parlor management system from 1000 Projects. An injection vulnerability exists in 1000 Projects Beauty Parlour Management System version 1.0, which stems from an incorrect manipulation of the parameter name that can lead to S...

9.8 CVSS | 8 AI score | 0.00587 EPSS
Exploits 1 | References 5

CNNVD
added 2024/11/11 12:0 a.m. | 1 views

Grand Vice info Webopac SQL injection vulnerability

Grand Vice info Webopac is an online public access catalog from China Xinxueying Info Grand Vice info. It is used for users to use library services through the Internet. A SQL injection vulnerability exists in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3, whic...

9.8 CVSS | 8.1 AI score | 0.00451 EPSS
Exploits 0 | References 1

OSV
added 2024/11/08 4:15 a.m. | 2 views

CVE-2024-10987

A vulnerability was found in code-projects E-Health Care System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Doctor/userappointment.php. The manipulation of the argument scheduleid/scheduledate/scheduleday/starttime/endtime/booking...

6.5 CVSS | 5.8 AI score | 0.00429 EPSS
Exploits 1 | References 5

CNNVD
added 2024/11/06 12:0 a.m. | 3 views

Cisco Nexus Dashboard Fabric Controller SQL injection vulnerability

The Cisco Nexus Dashboard Fabric Controller is a cloud and data center network management software controller that simplifies the operation and management of data center networks. The Cisco Nexus Dashboard Fabric Controller suffers from a SQL injection vulnerability that can be exploited by remot...

8.8 CVSS | 8.2 AI score | 0.00772 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2024/11/05 12:0 a.m. | 4 views

A vulnerability exists in the web/ajax/event.php module of the ZoneMinder video surveillance software, which allows an intruder to execute arbitrary code.

The vulnerability in the web/ajax/event.php module of the ZoneMinder video surveillance software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially crafted SQL query...

9.9 CVSS | 6.1 AI score | 0.36899 EPSS
Exploits 7 | References 3 | Affected Software 1

CNNVD
added 2024/11/04 12:0 a.m. | 30 views

ZOHO ManageEngine ADManager Plus security vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

8.8 CVSS | 7.6 AI score | 0.015 EPSS
Exploits 0 | References 1

Positive Technologies
added 2024/11/03 12:0 a.m. | 3 views

PT-2024-16501 · Unknown · Itsourcecode Farm Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Farm Management System version 1.0 Description: A critical issue was discovered in the itsourcecode Farm Management System. The vulnerability affects an unknown functionality of the file manage-breed.php. The manipulation of the...

9.8 CVSS | 8.1 AI score | 0.00508 EPSS
Exploits 1 | References 9

Patchstack
added 2024/10/31 8:57 p.m. | 2 views

WordPress SIP Reviews Shortcode for WooCommerce plugin <= 1.2.3 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by WordFence in WordPress Plugin SIP Reviews Shortcode for WooCommerce versions <= 1.2.3...

6.5 CVSS | 8.1 AI score | 0.00486 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/10/31 2:15 a.m. | 4 views

CVE-2024-10561

A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

9.8 CVSS | 5.8 AI score | 0.00837 EPSS
Exploits 1 | References 4

OSV
added 2024/10/21 8:15 p.m. | 1 views

CVE-2024-47223

A vulnerability in the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access...

9.4 CVSS | 7.7 AI score | 0.00458 EPSS
Exploits 0 | References 1

CNNVD
added 2024/10/21 12:0 a.m. | 2 views

Mitel MiCollab security vulnerability

Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A SQL injection vulnerability exists in Mitel MiCollab version 9.7.1.110 and earlier, which stems from insufficient validation of user input in...

7.2 CVSS | 7.9 AI score | 0.00403 EPSS
Exploits 0 | References 2

Positive Technologies
added 2024/10/10 12:0 a.m. | 2 views

PT-2024-39844 · Unknown · Code-Projects Blood Bank System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0 Description: A critical issue was found in the code-projects Blood Bank System, affecting an unknown function of the file register.php. The manipulation of the user argument leads to SQL injection. ...

7.5 CVSS | 8.6 AI score | 0.00624 EPSS
Exploits 1 | References 11

CNNVD
added 2024/09/25 12:0 a.m. | 3 views

RIELLO UPS NetMan SQL injection vulnerability

RIELLO UPS NetMan is a network adapter from RIELLO UPS, Italy. A security vulnerability exists in RIELLO UPS NetMan version 204 4.05, which originates from improper neutralization in the presence of a particular element, resulting in a SQL injection vulnerability...

9.8 CVSS | 9.7 AI score | 0.77307 EPSS
Exploits 2 | References 3

OSV
added 2024/09/20 1:15 a.m. | 1 views

CVE-2024-9011

A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8 CVSS | 6.5 AI score
Exploits 0 | References 5

CNNVD
added 2024/09/13 12:0 a.m. | 4 views

Code-Projects Crud Operation System SQL injection vulnerability

Code-Projects Crud Operation System is a Code-Projects open source application. Code-Projects Crud Operation System version 1.0 suffers from a SQL injection vulnerability that stems from the parameter sid in the file /updatedata.php that can lead to SQL injection...

9.8 CVSS | 7 AI score | 0.00678 EPSS
Exploits 1 | References 6

CNNVD
added 2024/09/12 12:0 a.m. | 2 views

Ivanti Endpoint Manager SQL injection vulnerability

Ivanti Endpoint Manager EPM is a suite of endpoint security managers from Ivanti USA. An SQL injection vulnerability exists in Ivanti Endpoint Manager. An attacker exploiting this vulnerability could remotely execute code...

9.1 CVSS | 9.6 AI score | 0.0215 EPSS
Exploits 0 | References 2

Positive Technologies
added 2024/09/10 12:0 a.m. | 2 views

PT-2024-13438 · Undefined · Undefined

SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...

8.7 AI score
Exploits 0 | References 1