Ivanti EPM SQL Injection Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
CVE-2024-4533
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...
CVE-2024-5116
A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The attack may be launched remotely. The...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 7271, which stems from a vulnerability that allows SQL injection in dashboard graphical...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of external SQL statements in the /WorkFlow/OfficeFileUpdate.aspx file. An attacker can exploit this vulnerability to execute illegal SQ...
PT-2024-20977 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sys file storage id parameter at the "/WorkFlow/wf work finish file down.aspx" API endpoint...
CVE-2024-33411
A SQL injection vulnerability in /model/getadminprofile.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the myindex parameter...
Roothub Security Vulnerability
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the "s" parameter in the search function...
Voltronic Power ViewPower Security Vulnerability
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. Voltronic Power ViewPower Pro suffers from a SQL injection vulnerability that is caused by failing to properly validate a user-supplied string before constructing a SQL query using it. An attack...
PT-2024-25656 · Delta Electronics · Diaenergie
Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie affected versions not specified Description: The issue is an SQL injection vulnerability that exists in the script Handler CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the...
CVE-2024-33911
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Weblizar School Management Pro. This issue affects School Management Pro: from n/a through 10.3.4...
PT-2024-30030 · Bluenet Technology · Bluenet Technology Clinical Browsing System
Name of the Vulnerable Software and Affected Versions: BlueNet Technology Clinical Browsing System version 1.2.1 Description: A critical issue has been found, affecting an unknown part of the file /xds/deleteStudy.php. The manipulation of the documentUniqueId argument leads to SQL injection. It i...
Macrob7 Macs Framework Cms Security Vulnerability
Macrob7 Macs Framework Cms is an open source Cms framework by the individual developer Macdonald Terrence Robinson. A security vulnerability exists in Macrob7 Macs CMS version 1.1.4f and earlier, which stems from the presence of a SQL injection vulnerability that could allow a remote attacker to...
PHPGurukul Small CRM SQL Injection Vulnerability
Small CRM is a customer relationship management system. A SQL injection vulnerability exists in Small CRM, which stems from a lack of validation of externally-entered SQL statements in the change password handler. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
Desdev DedeCMS SQL Injection Vulnerability
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Zhuozhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval. DedeCMS 5.7.112-UTF8 has a SQL injection...
Church Management System SQL Injection Vulnerability
Church Management System is a church management system. A SQL injection vulnerability exists in version 1.0 of the Church Management System, which is caused by a SQL injection vulnerability in the password parameter of the login.php file...
PT-2024-24670 · Sourcecodester · Sourcecodester Internship Portal Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Internship Portal Management System version 1.0 Description: A critical issue was found in the SourceCodester Internship Portal Management System. The problem is related to an unknown function of the file admin/edit admin...
CVE-2024-30864
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/configISCGroupTimePolicy.php...
CVE-2024-30488
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Katie Seaborn Zotpress. This issue affects Zotpress: from n/a through 7.3.7...
Vulnerabilities fixed in Synology Surveillance Station
Synology has fixed vulnerabilities in Surveillance Station. A malicious party can exploit the vulnerabilities to execute arbitrary code via SQL injection, or gain access to sensitive data. Synology has released updates to fix the vulnerabilities in Surveillance Station...