5735 matches found
Employee Record Management System /loginerms.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Email in the file /loginerms.php. An attacker c...
Company Visitor Management System /bwdates-reports-details.php File SQL Injection Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter fromdate/todate in the file /bwdates-reports-details.php...
USN-7530-1 libphp-adodb vulnerability
It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...
The vulnerability of the UpdateProject method in the software for managing and monitoring removed objects in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the UpdateProject method in software for managing and monitoring removed objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the ImportCertificate method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the ImportCertificate method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the UnlockTraceLevelSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the UnlockTraceLevelSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...
The vulnerability of the GetLogs method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems of the TeleControl Server Basic allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the GetLogs method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the UnlockGateway method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the UnlockGateway method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
PHPGurukul News Portal Project Injection Vulnerability
News Portal Project is a news portal project. News Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements for the parameter Category in the file /admin/edit-subcategory.php. An attacker can exploit this...
Tcman Gim SQL Injection Vulnerability
Tcman Gim is a facility management software from the Spanish company Tcman designed for use on mobile devices. A SQL injection vulnerability exists in Tcman Gim version v11, which stems from an incorrect manipulation of the parameter ArbolID in the file /GIMWeb/PC/frmPreventivosList.aspx resultin...
Realce Tecnologia Queue Ticket Kiosk Injection Vulnerability
Realce Tecnologia Queue Ticket Kiosk is a queue management software from Realce Tecnologia. An injection vulnerability exists in Realce Tecnologia Queue Ticket Kiosk 20250517 and earlier versions, which stems from manipulation of the parameter Usuário, resulting in SQL injection...
The vulnerability of the Quiz Maker plugin of the WordPress content management system, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL code.
The vulnerability of the Quiz Maker plugin of the WordPress content management system is related to the lack of protection for the SQL query structure when processing the id parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
The vulnerability of software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient measures taken to protect the SQL query structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized acce...
CVE-2024-51103
PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters...
CVE-2025-36527
Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports...
CVE-2024-3252
A vulnerability classified as critical has been found in SourceCodester Internship Portal Management System 1.0. This affects an unknown part of the file admin/checkadmin.php. The manipulation of the argument username/password leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2024-5589
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/configMT.php?action=delete. The manipulation of the argument Mid leads to SQL injection. It is possible to initiate the attack...
CVE-2024-37858
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/managecategory.php...
CVE-2024-7289
A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /managepayment.php. The manipulation of the argument id leads to SQL injection. The attack may be launched...
CVE-2024-5235
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teachersalaryinvoice.php. The manipulation of the argument teacherid leads to SQL injection. It is possible to launch the attack...