5736 matches found
CVE-2024-6748
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring...
CVE-2024-11773
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...
WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Distance Rate Shipping for WooCommerce versions <= 1.3.4...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...
Advantive VeraCore Security Vulnerability
Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...
Zimbra Collaboration Suite Security Vulnerability
Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 10.0.x up to and including version 10.0.12 and version 10.1.x up to and including...
itsourcecode Tailoring Management System Injection Vulnerability
itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from a parameter id in the file deldoc.php that can lead to SQL injection...
WordPress Traveler Code plugin < 3.1.2 - Unauthenticated Arbitrary SQL Execution vulnerability
Unauthenticated Arbitrary SQL Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Traveler Code versions < 3.1.2...
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient measures taken to protect the SQL query structure. This allows attackers to gain access to the internal database.
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain access to the internal database...
EsafeNet CDG Security Vulnerability
EsafeNet CDG is a document security management system from EsafeNet. A security vulnerability exists in EsafeNet CDG version V5, which originates from the parameter flowId in the file /sdDoneDetail.jsp that can lead to SQL injection...
RuoYi Security Vulnerability
RuoYi is a backend management system by the individual developer RuoYi in China. A security vulnerability exists in RuoYi v4.8.0, which is caused by an SQL injection via the orderby parameter in /monitor/online/list...
PT-2025-4060 · Codezips · Codezips Gym Management System
Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0 Description: A critical issue has been found in the system, affecting some unknown functionality of the file "/dashboard/admin/submit plan new.php". The manipulation of the planid argument leads to s...
SUSE CVE-2025-24368
Cacti is an open source performance and fault management framework. Some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in buildruleitemfilter function from lib/apiautomation.php, resulting in SQL injection. This vulnerability ...
VMware Avi Load Balancer Security Vulnerability
VMware Avi Load Balancer is a load balancing platform from VMware. A security vulnerability exists in VMware Avi Load Balancer. An attacker could exploit the vulnerability to gain database access using specially crafted SQL queries...
UBUNTU-CVE-2024-54145
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the getdiscoveryresults function of automationdevices.php using the network parameter. This vulnerability is fixed in 1.2.29...
PT-2025-5485 · Enituretechnology · Enituretechnology Ltl Freight Quotes – Worldwide Express Edition
Name of the Vulnerable Software and Affected Versions: Eniture Technology LTL Freight Quotes – Worldwide Express Edition versions 5.0.20 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL injection. This means an...
CVE-2024-35148
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
WordPress SERPed.net Plugin <= 4.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin SERPed.net versions <= 4.4...
PT-2025-4007 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical issue has been found, allowing for remote SQL injection. The manipulation of the sort/order argument in an unknown function of the file...
PT-2025-4010 · Joeybling · Bootplus
Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical issue has been found in JoeyBling bootplus, affecting an unknown part of the file /admin/sys/user/list. The manipulation of the sort argument...