5735 matches found
PT-2024-39978 · Formosasoft · Ee-Class
Name of the Vulnerable Software and Affected Versions: FormosaSoft ee-class, affected versions not specified
Description: The issue concerns a failure to properly validate a specific page parameter in the ee-class from FormosaSoft, allowing remote attackers with regular privileges to inject...
NewType FlowMaster BPM Plus SQL injection vulnerability
NewType FlowMaster BPM Plus is a business process management system from NewType, a Chinese company. A SQL injection vulnerability exists in NewType FlowMaster BPM Plus, which arises from a specific query function that does not properly restrict user input, allowing a remote attacker with regular...
The vulnerability of Microsoft Configuration Manager software for managing IT infrastructure lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft Configuration Manager software for managing IT infrastructure is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
WordPress plugin Tainacan SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2024-39844 · Unknown · Code-Projects Blood Bank System
Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0
Description: A critical issue was found in the code-projects Blood Bank System, affecting an unknown function of the file register.php. The manipulation of the user argument leads to SQL injection. ...
LyLme Spage SQL injection vulnerability
LyLme Spage (Six Zero navigation page) is an open source navigation page from LyLme (Six Zero), China. It is dedicated to being a simple, efficient, ad-free Internet navigation and search portal, with support for managing links from the back end, custom search engines, accumulating the most valuable links, no commercial...
LyLme Spage SQL injection vulnerability
LyLme Spage (Six Zero navigation page) is an open source navigation page from LyLme (Six Zero), China. It is dedicated to being a simple, efficient, ad-free Internet navigation and search portal, with support for managing links from the back end, custom search engines, accumulating the most valuable links, no commercial...
LyLme Spage SQL injection vulnerability
LyLme Spage (Six Zero navigation page) is an open source navigation page from LyLme (Six Zero), China. It is dedicated to being a simple, efficient, ad-free Internet navigation and search portal, with support for managing links from the back end, custom search engines, accumulating the most valuable links, no commercial...
Online Eyewear Shop SQL injection vulnerability
Online Eyewear Shop is an online eyewear store by the individual developer Carlo Montero. A SQL injection vulnerability exists in Online Eyewear Shop version 1.0, which originates in the file /classes/Master.php?f=deleteproduct where the parameter id of the function deleteproduct can lead to SQL...
EsafeNet CDG SQL injection vulnerability
EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG V5; it stems from the parameter id of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs, which can lead to SQL injection...
Cavok SQL injection vulnerability
Cavok is an application from Cavok, Inc. Cavok suffers from a SQL injection vulnerability that stems from improper neutralization of special elements...
SonarSource SonarQube security vulnerability
SonarSource SonarQube is an open source code quality management system from SonarSource, Switzerland. A security vulnerability exists in SonarSource SonarQube version 10.4 up to and including 10.6. An attacker can exploit the vulnerability to inject blind SQL commands...
CADClick security vulnerability
CADClick is a software solution from CADClick, Inc. that creates interactive catalogs of 2D/3D CAD data for individual customer CAD catalogs. A security vulnerability exists in CADClick v1.11.0 and earlier versions that stems from the presence of a SQL injection vulnerability that allows remote...
The vulnerability of the web application for managing rental housing, the Campcodes House Rental System, arises from the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries.
The vulnerability of the web application for managing rental housing, Campcodes House Rental System, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the software solutions for control, management, and audit, namely Zoho ManageEngine Password Manager Pro, and the ManageEngine Privileged Access Manager 360 (PAM360) software, allows a perpetrator to execute arbitrary code.
The vulnerability of the Zoho ManageEngine Password Manager Pro and the ManageEngine Privileged Access Manager 360 PAM360 software solutions lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability could allow a...
Codezips Online Shopping Portal SQL injection vulnerability
Codezips Online Shopping Portal is a Codezips open source online store system. A SQL injection vulnerability exists in Codezips Online Shopping Portal version 1.0, which stems from an incorrect operation of the username parameter that can lead to SQL injection...
EsafeNet CDG security vulnerability
EsafeNet CDG is a document security management system from EsafeNet. A security vulnerability exists in EsafeNet CDG version V5, which is caused by a SQL injection vulnerability in the id parameter of the NavigationAjax interface...
yylAdmin SQL injection vulnerability
yylAdmin is a minimalist backend management system based on ThinkPHP8 and Vue3 by individual developer skyselang. A SQL injection vulnerability exists in yylAdmin 3.0 and earlier versions; it stems from the parameter isdisable in the file /app/admin/controller/file/File.php which can...
PT-2024-32277 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.1
Description: A SQL Injection issue allows an authenticated low-privileged user, with at least Report Viewer permissions, to escalate privileges to the admin account. This issue can be exploited by a use...
PT-2024-39128
Name of the Vulnerable Software and Affected Versions: ValeApp versions prior to 2.0.0
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially compromising the securit...