5735 matches found
AutoCMS security vulnerability
AutoCMS is a content management system (CMS) from AutoCMS Open Source. It can help dealerships manage their website content, online advertising, social media and analytics. AutoCMS version 5.4 suffers from a SQL injection vulnerability that originates from the lack of validation of externally enter...
WordPress plugin TrueBooker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-8523
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
PT-2024-39107 · Unknown · Itsourcecode Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Itsourcecode Tailoring Management System version 1.0 Description: A critical issue was found in the Itsourcecode Tailoring Management System, affecting some unknown functionality of the file /inccatadd.php. The manipulation of the title...
The vulnerability of the Timeperiod component of the Centreon IT infrastructure monitoring software’s web interface allows a hacker to execute arbitrary SQL commands.
The vulnerability of the Timeperiod component of the Centreon IT infrastructure monitoring software’s web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the Downtime web interface component of the Centreon IT infrastructure monitoring software allows a hacker to execute arbitrary SQL queries.
The vulnerability of the Downtime web interface component of the Centreon IT infrastructure monitoring software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2024-45174
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...
PT-2024-38062
Name of the Vulnerable Software and Affected Versions: Semtek Sempos versions through 31072024 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which affects Semtek Sempos. This vulnerability is due to the improper neutralization of special...
PT-2024-37957
Name of the Vulnerable Software and Affected Versions: NACPremium versions through 01082024 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for Blind SQL Injection, which can...
The vulnerability in the AVEVA (Wonderware) Historian web server’s data archiving mechanism involves a lack of protection for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of AVEVA Wonderware Historian’s data archiving server is related to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, provided that the user specifically visits a specially crafted U...
Huachu Digital Easytest Online Test Platform security vulnerability
Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version ver.24E01 and prior versions, which originates from an SQL injection vulnerability in the search course titles metho...
Exploit for SQL Injection in Ultimatemember Ultimate_Member
This is a PoC exploit for CVE-2024-1071, a SQL injection vulnera...
ZOHO ManageEngine Exchange Reporter Plus SQL injection vulnerability
ZOHO ManageEngine Exchange Reporter Plus is a Web-based Exchange Server reporting software from ZOHO, Inc. A SQL injection vulnerability exists in ZOHO ManageEngine Exchange Reporter Plus versions prior to 5715, which stems from susceptibility to SQL injection attacks...
CVE-2024-6671
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password...
postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
A vulnerability was found in PostgreSQL. A race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser...
WordPress plugin TI WooCommerce Wishlist SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress plugin Registrations for the Events Calendar SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress plug...
WordPress plugin WBW Product Table PRO SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
SportsNET SQL injection vulnerability
SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...
PT-2024-30334
Name of the Vulnerable Software and Affected Versions: StylemixThemes Cost Calculator Builder versions 3.2.15 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows unauthorized database...