686 matches found
PT-2023-2060 · Apache · Apache Fineract
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions 1.4 through 1.8.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This could allow authorized users to change or add data ...
CVE-2020-21152
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction...
CVE-2023-20010
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...
CVE-2022-47865
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php...
Lead Management System SQL injection vulnerability
Lead management system is a lead management system developed by Mayuri K. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of external input SQL statements in the id parameter of removeOrder.php, and can be exploited by attackers to The...
CVE-2022-4358
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
WordPress plugin Dokan SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
CVE-2022-33875
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP...
Schneider Electric EcoStruxure Operator Terminal Expert SQL injection vulnerability
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software support is mainly used to create and edit touch applications. A SQL injection vulnerability exists in Schneider Electric EcoStruxure Operator Terminal...
Changing Information Technology RAVA certificate validation system SQL injection vulnerability
Changing Information Technology RAVA certificate validation system Panorama Software RAVA certificate validation system website is a credential validation system from China-based Changing Information Technology. The Panorama Software RAVA certificate validation system suffers from a SQL injection...
Open Source SACCO Management System SQL injection vulnerability
Open Source SACCO Management System is an open source SACCO management system by Mayuri K. Individual developer. A security vulnerability exists in Open Source SACCO Management System v1.0, which can be exploited by an attacker to perform SQL injection via its /saccoshield/managepayment.php...
CVE-2022-40825
B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherein function. Note: Multiple third parties have disputed this as not a valid vulnerability...
Online Tours & Travels Management System SQL injection vulnerability
Online Tours & Travels Management System is an online travel management system developed by Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which originates from /admin/update The id parameter of traveller.php lacks validation for external input SQ...
Online Tours & Travels Management System SQL injection vulnerability
Online Tours & Travels Management System is an online travel management system by Mayuri K Personal Developer. A SQL injection vulnerability exists in Online Tours & Travels Management System version v1.0 due to a lack of validation of externally-entered SQL statements in the id parameter of its...
Online Tours & Travels Management System SQL injection vulnerability
Online Tours & Travels Management System is an online travel management system by Mayuri K. Personal developer. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which originates from a lack of validation of externally entered SQL statements in the id paramete...
PT-2022-24494 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 1.0 Description: The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the Username and Password parameters on the Login page, specifically the '/login' A...
Archery SQL injection vulnerability
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.8.3 through v1.8.5, which stems from the starttime and stoptime parameters in the my2sql interface containing SQL injection vulnerabilities...
CVE-2022-37185
SQL injection vulnerability exists in the school information query interface repschoolproj.php of the EMS 6.2 system of the Office of the Thai Basic Education Commission, which can lead to data leakage...
CVE-2022-2717
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of...
Clinic's Patient Management System SQL injection vulnerability
Clinic's Patient Management System is a patient management system for Carlo Montero's clinics. A SQL injection vulnerability exists in Clinic's Patient Management System version 1.0 due to unknown functionality in the index.php file of the component Login, where manipulation of the parameter...