686 matches found

CNNVD
added 2024/08/29 12:0 a.m., 8 views

WordPress plugin TI WooCommerce Wishlist SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

9.8 CVSS, 8.9 AI score, 0.21769 EPSS
Exploits: 3, References: 2
CNNVD
added 2024/08/23 12:0 a.m., 2 views

ZOHO ManageEngine ADAudit Plus Security Vulnerability

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8121, which can be exploited by an attacker to execute custom queries and access database tab...

8.8 CVSS, 8.1 AI score, 0.04517 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/08/22 12:0 a.m., 3 views

Payroll Management System SQL Injection Vulnerability

Payroll Management System is an open source payroll management system from itsourcecode. Payroll Management System version 1.0 has a SQL injection vulnerability, which stems from the username parameter of the login.php file...

9.8 CVSS, 8 AI score, 0.00606 EPSS
Exploits: 1, References: 6
CNNVD
added 2024/08/14 12:0 a.m., 2 views

Simple Online Bidding System SQL Injection Vulnerability

Simple Online Bidding System is an online bidding system by individual developer oretnom23. A SQL injection vulnerability exists in Simple Online Bidding System version 1.0, which stems from an incorrect manipulation of the parameter username that can lead to SQL injection...

9.8 CVSS, 8 AI score, 0.00661 EPSS
Exploits: 1, References: 2
OSV
added 2024/08/13 11:15 p.m., 3 views

CVE-2024-7750

A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicinename leads to sql injection. The attack can be launche...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 4
Positive Technologies
added 2024/08/08 12:0 a.m., 2 views

PT-2024-29316 · Unknown · Kashipara Responsive School Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Responsive School Management System version 1.0 Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the username parameter in the /smsa/student login.php endpoint. This can lead to data theft...

5.3 CVSS, 8.6 AI score, 0.00383 EPSS
Exploits: 1, References: 6
CNNVD
added 2024/08/02 12:0 a.m., 4 views

Horizon Business Services Caterease Security Vulnerability

Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from improper neutralization of...

9.8 CVSS, 7 AI score, 0.00959 EPSS
Exploits: 0, References: 4
CNNVD
added 2024/08/01 12:0 a.m., 3 views

SourceCodester Tracking Monitoring Management System SQL Injection Vulnerability

SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester Inc. A SQL injection vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0, which is caused by an SQL injection vulnerability in the id parameter of the...

9.8 CVSS, 7 AI score, 0.00544 EPSS
Exploits: 1, References: 5
CNNVD
added 2024/08/01 12:0 a.m., 1 views

SourceCodester Simple Realtime Quiz System Security Vulnerability

SourceCodester Simple Realtime Quiz System is a real-time quiz system from SourceCodester, Inc. A security vulnerability exists in version 1.0 of the SourceCodester Simple Realtime Quiz System, which stems from an SQL injection vulnerability in the id parameter of the /managequiz.php file...

8.8 CVSS, 7 AI score, 0.0049 EPSS
Exploits: 1, References: 5
OSV
added 2024/07/31 11:15 a.m., 2 views

CVE-2024-7320

A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to sql injection. It is possible to initiate the attac...

9.8 CVSS, 5.7 AI score, 0.00742 EPSS
Exploits: 1, References: 4
CNNVD
added 2024/07/31 12:0 a.m., 2 views

Xinhu RockOA SQL Injection Vulnerability

Xinhu RockOA is an office OA system of China Xinhu Company. A SQL injection vulnerability exists in Xinhu RockOA version 2.6.2, which originates from the parameter nickName in the function dataAction /webmain/task/openapi/openmodhetongAction.php, which can lead to SQL injection...

8.8 CVSS, 7 AI score, 0.00514 EPSS
Exploits: 1, References: 5
OSV
added 2024/07/29 7:15 p.m., 2 views

CVE-2024-37858

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/managecategory.php...

9.8 CVSS, 5.9 AI score, 0.00865 EPSS
Exploits: 2, References: 3
OSV
added 2024/07/29 9:15 a.m., 3 views

CVE-2024-7191

A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/getbalance.php. The manipulation of the argument studentid leads to sql injection. The attack may be launched...

9.8 CVSS, 5.7 AI score, 0.00578 EPSS
Exploits: 1, References: 4
CNNVD
added 2024/07/26 12:0 a.m., 2 views

Tianchoy Blog SQL Injection Vulnerability

Tianchoy Blog is a blog site by individual developer Tianchoy. A SQL injection vulnerability exists in Tianchoy Blog version 1.8.8 and earlier versions, which stems from an incorrect operation of the search parameter that can lead to SQL injection...

8.8 CVSS, 7.2 AI score, 0.00588 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2024/07/14 12:0 a.m., 3 views

PT-2024-5175 · Unknown · Tailoring Management System

Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0 Description: The issue is related to a lack of protection against SQL query structure exploitation in the templateadd.php file. This allows a remote attacker to execute arbitrary SQL code, gain...

8.8 CVSS, 7.5 AI score, 0.0061 EPSS
Exploits: 1, References: 9
CNNVD
added 2024/07/09 12:0 a.m., 4 views

Kelixun Communication Command and Dispatch Management Platform Security Vulnerability

Kelixun Communication Command and Dispatch Management Platform is a communication command and dispatch management platform from Kelixun, China. A security vulnerability exists in Kelixun Communication Command and Dispatch Management Platform version 7.6.6.439 and prior versions, which...

9.8 CVSS, 8.2 AI score, 0.00769 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2024/07/02 12:0 a.m., 2 views

PT-2024-37625 · Unknown · Hitout Carsale

Name of the Vulnerable Software and Affected Versions: Hitout Carsale version 1.0 Description: A critical issue has been discovered, affecting the OrderController.java file. The manipulation of the orderBy argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...

6.5 CVSS, 8 AI score, 0.00358 EPSS
Exploits: 1, References: 6
Positive Technologies
added 2024/06/27 12:0 a.m., 2 views

PT-2024-37575 · Bethesda · Bethesda Online Reservation System

Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0 Description: A critical issue has been found in the Bethesda Online Reservation System, affecting some unknown functionality of the file controller.php. The manipulation of the rmtype id argument...

9.8 CVSS, 7.9 AI score, 0.00739 EPSS
Exploits: 1, References: 8
CNNVD
added 2024/06/14 12:0 a.m., 1 views

Online Bookstore SQL Injection Vulnerability

Online Book Store is an online bookstore by Arvin Arandilla, a personal developer. A SQL injection vulnerability exists in Online Bookstore version 1.0, which is caused by book.php containing an unknown function that causes SQL injection via the parameter bookisbn...

9.8 CVSS, 8 AI score, 0.00787 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2024/06/13 12:0 a.m., 1 views

PT-2024-29406 · WordPress · Search & Replace

Name of the Vulnerable Software and Affected Versions: Search & Replace WordPress plugin versions prior to 3.2.2 Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. This can be particularly...

7.2 CVSS, 7.7 AI score, 0.00444 EPSS
Exploits: 2, References: 5