5735 matches found
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) allows an attacker to access the internal database.
The vulnerability of the application software interface of the Cisco Nexus Dashboard Fabric Controller (NDFC) relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain access to the internal database by sending...
CVE-2024-10946
A vulnerability classified as critical has been found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This affects an unknown part of the file...
The vulnerability of the AWV component (Audio, Web, and Video Conferencing) of the Mitel MiCollab collaboration platform allows a perpetrator to execute arbitrary code.
The vulnerability of the AWV component (Audio, Web, and Video Conferencing) is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
The Cisco Nexus Dashboard Fabric Controller is a cloud and data center network management software controller that simplifies the operation and management of data center networks. The Cisco Nexus Dashboard Fabric Controller suffers from a SQL injection vulnerability that can be exploited by remot...
PYSEC-2024-115
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain-community version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tena...
1000 Projects Bookstore Management System Security Vulnerability
1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. A security vulnerability exists in 1000 Projects Bookstore Management System version 1.0 due to a SQL injection in the parameter id...
A vulnerability exists in the web/ajax/event.php module of the ZoneMinder video surveillance software, which allows an intruder to execute arbitrary code.
The vulnerability in the web/ajax/event.php module of the ZoneMinder video surveillance software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially crafted SQL query...
ZOHO ManageEngine ADManager Plus Security Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
Code-Projects Wazifa System SQL Injection Vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter to of the file /controllers/control.php. An attacker can exploit this vulnerability to execute illegal...
PT-2024-16506 · Unknown · Wazifa System
Name of the Vulnerable Software and Affected Versions: Wazifa System version 1.0 Description: A critical issue affects the processing of the file /controllers/control.php, where the manipulation of the argument leads to sql injection. The attack may be initiated remotely. The exploit has been...
The vulnerability of python-sql, a Python library for writing SQL queries, related to improper elimination of equivalent special elements, allows a hacker to execute arbitrary SQL code.
The vulnerability of python-sql, a Python library for writing SQL queries, is related to incorrect neutralization of equivalent special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
PT-2024-16502 · Unknown · Code-Projects E-Health Care System
Name of the Vulnerable Software and Affected Versions: code-projects E-Health Care System version 1.0 Description: A critical issue has been found in the file /Admin/adminlogin.php, where the manipulation of the email and admin pswd arguments as part of a String leads to sql injection. The attack...
PT-2024-16501 · Unknown · Itsourcecode Farm Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Farm Management System version 1.0 Description: A critical issue was discovered in the itsourcecode Farm Management System. The vulnerability affects an unknown functionality of the file manage-breed.php. The manipulation of the...
CVE-2024-10609
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System Project 1.0. This affects an unknown part of the file typeadd.php. The manipulation of the argument sex leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
The vulnerability of components of web conference services and applications of the Mitel MiCollab platform, related to the lack of measures to protect the SQL query structure, allows attackers to execute arbitrary code.
The vulnerability of the components of web conference services and the collaboration application platform Mitel MiCollab is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system from China Tongda TONGDA. TONGDA Office Anywhere suffers from a SQL injection vulnerability, which originates from the ID parameter of the /pda/approvecenter/checkseal.php page containing a SQL injection vulnerability...
WordPress SIP Reviews Shortcode for WooCommerce plugin <= 1.2.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by WordFence in WordPress Plugin SIP Reviews Shortcode for WooCommerce versions <= 1.2.3...
WordPress 5 Stars Rating Funnel plugin <=1.4.01 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (Patchstack Alliance) in WordPress Plugin 5 Stars Rating Funnel versions <= 1.4.01...
WordPress Easy Gallery plugin <= 1.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Easy Gallery versions <= 1.4...
CVE-2024-10561
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...