PHPGurukul Restaurant Table Booking System Injection Vulnerability
Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that stems from incorrect manipulation of the searchdata parameter in the /search-result.php file that can lead to SQL injection. No details of the...
The vulnerability of the template function in the Cacti network monitoring software’s host_templates.php file allows a hacker to access confidential data.
The vulnerability of the template function in the Cacti network monitoring software’s host_templates.php file is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
CVE-2025-1832
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched...
Nipah Virus Testing Management System /search-report-result.php File SQL Injection Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /search-report-result.php file. An attacker can...
The vulnerability of the web management console of the IP-ATC Agat CU-7214, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL code.
The vulnerability of the IP-ATC Agat CU-7214 web management console relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...
JoomShopping SQL Injection Vulnerability
JoomShopping is a lightweight, free shopping solution for Joomla by JoomShopping, Inc. A SQL injection vulnerability exists in JoomShopping versions 1.0.0 through 1.4.3, which stems from a vulnerability that could allow an administrator to execute arbitrary SQL commands...
WordPress plugin Easy Quotes SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
Benner ModernaNet Injection Vulnerability
Benner ModernaNet is a diagnostic center application from Benner. An injection vulnerability exists in Benner ModernaNet version 1.1.0 and prior versions, which stems from the /AGE0000700/GetHorariosDoDia file containing a SQL injection issue...
PT-2025-7904 · Ragflow · Ragflow
Name of the Vulnerable Software and Affected Versions: RAGFlow versions 0.15.1 and prior. Description: RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query, making it vulnerab...
RAGFlow SQL Injection Vulnerability
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A SQL injection vulnerability exists in RAGFlow version 0.15.1 and prior versions, which stems from the ExeSQL component extracting SQL statements from input and sending them directly to a...
CVE-2024-12918
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025...
NovaCHRON Zeitsysteme Smart Time Plus Security Vulnerability
NovaCHRON Zeitsysteme Smart Time Plus is a time management only program from NovaCHRON Zeitsysteme. A security vulnerability exists in NovaCHRON Zeitsysteme Smart Time Plus versions prior to v8.x through v8.6, which stems from a SQL injection vulnerability in the addProject method...
The vulnerability of the Mongoose library, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary code and gain access to read and modify data.
The vulnerability of the Mongoose library relates to the lack of protection for the SQL query structure when the $where operator is used. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain access to read and modify data...
Agito Computer Health4All SQL Injection Vulnerability
Agito Computer Health4All is a health management program from Agito Computer. A SQL injection vulnerability exists in Agito Computer Health4All versions prior to 10.01.2025 that stems from improper neutralization of special elements in SQL commands...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a SQL injection vulnerability that stems from the use of uncompiled statements, which can be exploited by an attacker to retrieve database data via a specially designed sorting...
Code-Projects Real Estate Property Management System Injection Vulnerability
Code-Projects Real Estate Property Management System is an open source real estate property management system from Code-Projects. An injection vulnerability exists in Code-Projects Real Estate Property Management System version 1.0. An attacker can exploit this vulnerability to perform SQL...
Vulnerability fixed in Exim
Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to execute an SQL injection. This allows the malicious party to gain access to sensitive data and potentially execute arbitrary code with privileges from the Exim installation. The exim...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations by Nilson Lazarin Personal Developer. A SQL injection vulnerability exists in WeGIA versions prior to 3.2.14, which stems from unfiltered input in the personalizacaoupload.php endpoint, and can lead to SQL injection and data disclosure...
ChurchCRM Security Vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM 5.13.0 and earlier versions, which stems from the EID parameter being concatenated directly into a SQL query without proper sanitization, which is susceptible to SQL injection...
WordPress plugin Distance Rate Shipping for WooCommerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...