Hitachi Energy MicroSCADA X SYS600 SQL Injection Vulnerability
Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Japan. It ensures optimal control and reliable operation of your switching station through seamless integration and connectivity between different devices and systems. A SQL injection vulnerability exists in Hitachi Energy...
Brain Low-Code SQL Injection Vulnerability
Brain Low-Code is a software development platform from Brain Low-Code that requires little to no coding to build applications and processes. An SQL injection vulnerability exists in versions of Brain Low-Code prior to 2.1.0. No information about this vulnerability is available at this time, so st...
RuoYi Security Vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi version 4.7.9, which originates from a SQL injection vulnerability in the jobid parameter via /sasfs1...
The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the lack of measures taken to protect SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially crafted data into...
CVE-2024-8139
A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file searchlist.php. The manipulation of the argument user leads to sql injection. The attack can be launched remotely. The exploit h...
OESA-2024-2056 postgresql security update
PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A SQL injection vulnerability exists in ZOHO ManageEngine ADAudit Plus prior to version 8121, which can be exploited by an attacker to execute custom queries and access database tab...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. ZOHO ManageEngine ADAudit Plus prior to version 8000 suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...
Centreon Web Security Vulnerability
Centreon Web is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon Web, which originates from a SQL injection vulnerability in the...
PT-2024-40507 · Diesel · Diesel
Name of the Vulnerable Software and Affected Versions: Diesel versions prior to 2.2.3. Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4GiB, causing the length prefix in the protocol to overflow. This can lead to the server...
WordPress WBW Product Table PRO plugin <= 1.9.4 - Unauthenticated Arbitrary SQL Query Execution vulnerability
Unauthenticated Arbitrary SQL Query Execution vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WBW Product Table PRO versions <= 1.9.4...
Payroll Management System SQL Injection Vulnerability
Payroll Management System is an open source payroll management system from itsourcecode. Payroll Management System version 1.0 has a SQL injection vulnerability, which stems from the username parameter of the login.php file...
Kashipara Music Management System Security Vulnerability
Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the id parameter of /music/controller.php?page=viewmusic against external SQL input,...
CVE-2024-42567
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2...
SourceCodester Point of Sales and Inventory Management System SQL Injection Vulnerability
SourceCodester Point of Sales and Inventory Management System is a point of sale and inventory management system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Point of Sales and Inventory Management System version 1.0, which originates from a SQL injection...
School-Management-System Security Vulnerability
School-Management-System is a school management system by the individual developer Jyothi Babu Araja. A security vulnerability exists in School-Management-System due to an SQL injection vulnerability in the medium parameter of the dtmarks.php page...
PT-2024-30024 · Erp · Erp
Name of the Vulnerable Software and Affected Versions: ERP (affected versions not specified). Description: A SQL injection vulnerability was discovered in ERP commit 44bd04. The issue is related to the id parameter at the "/index.php/basedata/inventory/delete?action=delete" endpoint. This allows for...
SourceCodester Clinics Patient Management System SQL Injection Vulnerability
SourceCodester Clinics Patient Management System is a clinic patient management system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Clinics Patient Management System version 1.0, which stems from an incorrect operation of the parameter medicineid that can lead...
The vulnerability of the QuerySet.values() and values_list() methods of the Django web application’s JSONField model allows an attacker to execute arbitrary code.
The vulnerability of the QuerySet.values() and values_list() methods of the Django web application’s JSONField model is related to the lack of security measures for handling SQL queries. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted SQL query...
CVE-2024-43145
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory. This issue affects GeoDirectory: from n/a through 2.3.61...