686 matches found

CNNVD
added 2023/11/14 12:0 a.m. · 4 views

Inventory Management System SQL Injection Vulnerability

Inventory Management System is an inventory management system from the individual developer stemword. Inventory Management System version V1.0 has a SQL injection vulnerability that allows local attackers to execute arbitrary SQL commands via the id...

CVSS 7.8 · AI score 8.2 · EPSS 0.00298
Exploits: 1 · References: 2

Positive Technologies
added 2023/11/12 12:0 a.m. · 6 views

PT-2023-6916 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.9

Description: A critical issue was found in Tongda OA, affecting some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the VU ID argument leads to SQL injection...

CVSS 9.8 · AI score 7.2 · EPSS 0.00873
Exploits: 1 · References: 6

CNNVD
added 2023/11/09 12:0 a.m. · 3 views

Tongda OA 2017 Security Breach

Tongda2000 is a network intelligent office system from China's Tongda. A security vulnerability exists in Tongda OA 2017 11.9 and earlier versions, which originates from a SQL injection vulnerability in the parameter TERMIDSTR in the file general/wiki/cp/manage/lock.php...

CVSS 9.8 · AI score 7.9 · EPSS 0.00932
Exploits: 1 · References: 4

CNNVD
added 2023/11/06 12:0 a.m. · 2 views

WordPress Plugin Contact Form Generator : Creative form builder for WordPress SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Contact Form Generator :...

CVSS 9.8 · AI score 7.6 · EPSS 0.0059
Exploits: 0 · References: 2

OSV
added 2023/11/01 10:15 p.m. · 1 view

CVE-2023-44025

SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component...

CVSS 9.8 · AI score 6.1 · EPSS 0.00834
Exploits: 0 · References: 1

OSV
added 2023/10/31 3:15 p.m. · 2 views

CVE-2023-36508

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Databa...

CVSS 9.8 · AI score 7.3 · EPSS 0.00579
Exploits: 0 · References: 1

OSV
added 2023/10/31 9:15 a.m. · 2 views

CVE-2023-5429

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5 · AI score 5.8 · EPSS 0.00797
Exploits: 1 · References: 3

BDU FSTEC
added 2023/10/28 12:0 a.m. · 3 views

The vulnerability in the admin-ajax.php script of the Photo Gallery administration panel of the WordPress content management system allows a hacker to execute arbitrary SQL code.

The vulnerability in the admin-ajax.php script of the Photo Gallery administration panel of the WordPress content management system is related to the failure to protect the SQL query structure during the processing of the bwgtagidbwgthumbnails0 parameter. Exploiting this vulnerability allows an...

CVSS 10 · AI score 8.2 · EPSS 0.74615
Exploits: 4 · References: 4 · Affected Software: 1

OSV
added 2023/10/25 6:17 p.m. · 3 views

CVE-2023-26583

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

CVSS 9.1 · AI score 5.8 · EPSS 0.00556
Exploits: 0 · References: 1

CNNVD
added 2023/10/25 12:0 a.m. · 3 views

IDAttend IDWeb SQL Injection Vulnerability

IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetStudentGroupStudents method...

CVSS 9.8 · AI score 8 · EPSS 0.00759
Exploits: 0 · References: 2

ATTACKERKB
added 2023/10/12 12:15 p.m. · 1 view

CVE-2023-5046

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390...

CVSS 9.8 · AI score 7.4 · EPSS 0.00646
Exploits: 0 · References: 3

CNNVD
added 2023/10/10 12:0 a.m. · 3 views

Election Services SQL Injection Vulnerability

Election Services is an application from Election Services, Inc. Election Services Internet Election Service suffers from a security vulnerability that stems from susceptibility to SQL injection attacks, allowing an unauthenticated, remote attacker to read or modify data for any election that...

CVSS 10 · AI score 7.8 · EPSS 0.01051
Exploits: 0 · References: 4

CNNVD
added 2023/09/29 12:0 a.m. · 3 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 suffers from a SQL injection vulnerability that stems from the fact that incorrect operation of the parameter RECRUITMENTID can lead to SQL injection...

CVSS 7.5 · AI score 8 · EPSS 0.00624
Exploits: 1 · References: 4

CNNVD
added 2023/09/29 12:0 a.m. · 4 views

Tongda OA SQL Injection Vulnerability

Tongda2000 is a web-based intelligent office system from China's Tongda. Tongda OA 2017 suffers from a SQL injection vulnerability that stems from the fact that incorrect operation of the parameter EXPERTID can lead to SQL injection...

CVSS 9.8 · AI score 8 · EPSS 0.00785
Exploits: 1 · References: 4

CNNVD
added 2023/09/23 12:0 a.m. · 3 views

Online Job Portal SQL Injection Vulnerability

Online Job Portal is an online job portal from the individual developer janobe. A security vulnerability exists in Online Job Portal version v.2020 that could allow a remote attacker to execute arbitrary code via the ForPass.php component...

CVSS 9.8 · AI score 7.7 · EPSS 0.00953
Exploits: 0 · References: 4

CNNVD
added 2023/09/14 12:0 a.m. · 3 views

Super Store Finder SQL Injection Vulnerability

Super Store Finder is an easy-to-use Google Maps API store finder program by Super Store Finder. A security vulnerability exists in Super Store Finder version v.3.6, which stems from a vulnerability that allows a remote attacker to execute arbitrary code via a carefully crafted...

CVSS 9.8 · AI score 7.8 · EPSS 0.01409
Exploits: 1 · References: 4

CNNVD
added 2023/09/12 12:0 a.m. · 4 views

BlackBerry AtHoc SQL Injection Vulnerability

BlackBerry AtHoc is a crisis communications solution for federal, state and local governments, public safety and law enforcement agencies, and schools from BlackBerry Canada. A security vulnerability exists in BlackBerry AtHoc version 7.15, which stems from a SQL injection vulnerability in the...

CVSS 7.2 · AI score 7.8 · EPSS 0.0049
Exploits: 0 · References: 3

CNNVD
added 2023/08/14 12:0 a.m. · 4 views

Mitel MiVoice Office 400 SMB Controller SQL Injection Vulnerability

The Mitel MiVoice Office 400 SMB Controller is an SMB controller from Mitel Canada. A security vulnerability exists in Mitel MiVoice Office 400 SMB Controller version 1.2.5.23, which originated from a vulnerability that could allow a malicious attacker to access sensitive information and perform...

CVSS 9.8 · AI score 6.6 · EPSS 0.00525
Exploits: 0 · References: 2

CNNVD
added 2023/08/10 12:0 a.m. · 4 views

iCMS SQL Injection Vulnerability

iCMS is an efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS v7.0.16, which is caused by a SQL injection vulnerability discovered via the bakupdata function...

CVSS 9.8 · AI score 8.1 · EPSS 0.00593
Exploits: 0 · References: 5

Positive Technologies
added 2023/08/08 12:0 a.m. · 3 views

PT-2023-26069 · Unknown · Judging Management System

Name of the Vulnerable Software and Affected Versions: Judging Management System version 1.0

Description: A SQL injection issue was found in the Judging Management System. The vulnerability can be exploited via the id parameter at the "/php-jms/deductScores.php" API endpoint.

Recommendations: For...

CVSS 9.8 · AI score 9.6 · EPSS 0.00574
Exploits: 0 · References: 3