
5736 matches found

CNNVD
added 2024/12/09 12:0 a.m. · 5 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands to access the database via the department parameter...

9.8 CVSS · 8 AI score · 0.00571 EPSS
Exploits: 1 · References: 1
CNNVD
added 2024/12/09 12:0 a.m. · 3 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to gain unauthorized access to the database by executing arbitrary SQL commands via the...

9.8 CVSS · 7.7 AI score · 0.00571 EPSS
Exploits: 1 · References: 1
CNNVD
added 2024/12/09 12:0 a.m. · 4 views

JFinalCMS injection vulnerability

JFinalCMS is an open source free JAVA enterprise website development and construction management system. JFinalCMS has a SQL injection vulnerability in version 1.0. The vulnerability is due to the failure to adequately validate and filter user-input data in the affected version, which can be...

8.8 CVSS · 7.9 AI score · 0.00507 EPSS
Exploits: 1 · References: 4
PyPA
added 2024/12/06 12:15 p.m. · 7 views

PYSEC-2024-157

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

9.8 CVSS · 8 AI score · 0.01396 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2024/12/06 12:0 a.m. · 3 views

WordPress plugin WP Mailster SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

9.8 CVSS · 8.9 AI score · 0.0045 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/12/06 12:0 a.m. · 3 views

Siemens Healthineers syngo security vulnerability

Siemens Healthineers syngo is a general-purpose imaging software for medical use from Siemens Germany. It is used for 2D, 3D and 4D reading and advanced visualization. A security vulnerability exists in Siemens Healthineers syngo that stems from input data not being properly cleaned before it is...

9.8 CVSS · 7.6 AI score · 0.00664 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/06 12:0 a.m. · 5 views

PT-2024-35922 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder versions prior to 8.7.9 Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for malicious SQL commands...

8.5 CVSS · 7.6 AI score · 0.00579 EPSS
Exploits: 0 · References: 6
CNNVD
added 2024/12/06 12:0 a.m. · 5 views

WordPress plugin WordPress Auction Plugin security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

9.3 CVSS · 8.7 AI score · 0.0044 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2024/12/05 12:0 a.m. · 3 views

The vulnerability of the software for managing software product licenses in HPE AutoPass License Server lies in the lack of protective measures for the SQL query structure, allowing attackers to access confidential information.

The vulnerability of the software for managing HPE AutoPass License Server products is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker to access confidential information...

7.8 CVSS · 7.3 AI score · 0.00363 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/12/04 3:0 p.m. · 0 views

UBUNTU-CVE-2024-53908

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...

9.8 CVSS · 7.2 AI score · 0.01396 EPSS
Exploits: 0 · References: 3
BDU FSTEC
added 2024/11/27 12:0 a.m. · 6 views

The vulnerability of the audit settings of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute custom requests and gain access to the database table records.

The vulnerability of the audit settings of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute custom queries and gai...

8.7 CVSS · 5.8 AI score · 0.04702 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/11/27 12:0 a.m. · 5 views

The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus lies in the lack of security measures for SQL query structures. This allows attackers to execute custom queries and gain access to database table records.

The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute user-defined queries and gain access to...

8.7 CVSS · 5.7 AI score · 0.03117 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/11/27 12:0 a.m. · 2 views

The vulnerability of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus lies in the lack of protection for SQL query structures, allowing attackers to execute custom queries and gain access to database table records.

The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute custom queries and gain access to database table...

8.7 CVSS · 5.7 AI score · 0.04702 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2024/11/27 12:0 a.m. · 2 views

PHPGurukul COVID 19 Testing Management System security vulnerability

PHPGurukul COVID 19 Testing Management System is a COVID 19 Testing Management System from PHPGurukul Inc. A security vulnerability exists in PHPGurukul COVID 19 Testing Management System v1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary code...

9.8 CVSS · 8.7 AI score · 0.00978 EPSS
Exploits: 1 · References: 1
BDU FSTEC
added 2024/11/26 12:0 a.m. · 5 views

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9 CVSS · 5.9 AI score · 0.00781 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2024/11/26 12:0 a.m. · 3 views

1000 Projects Portfolio Management System MCA security vulnerability

1000 Projects Portfolio Management System MCA is an open source portfolio management system by 1000 Projects. A security vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0 due to a SQL injection in parameter name...

9.8 CVSS · 7.8 AI score · 0.00724 EPSS
Exploits: 1 · References: 5
OSV
added 2024/11/25 9:15 a.m. · 2 views

CVE-2024-11663

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to SQL injection. The attack can be launched remotely. The exploit has been disclose...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 4
CNNVD
added 2024/11/23 12:0 a.m. · 2 views

itsourcecode Tailoring Management System injection vulnerability

itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in itsourcecode Tailoring Management System version 1.0, which originates from the presence of SQL injection...

9.8 CVSS · 7.1 AI score · 0.0066 EPSS
Exploits: 1 · References: 5
CNNVD
added 2024/11/22 12:0 a.m. · 6 views

Visteon Infotainment SQL injection vulnerability

Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from a SQL injection vulnerability that stems from improper validation of user-supplied strings when DeviceManager parses iAP serial numbers, which could lead to an attacker executing...

6.8 CVSS · 7.4 AI score · 0.00564 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2024/11/22 12:0 a.m. · 4 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9 CVSS · 7.6 AI score · 0.01667 EPSS
Exploits: 0 · References: 3