5734 matches found
CVE-2024-7798
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username lead...
PT-2024-24467 · Stash · Stash
Name of the Vulnerable Software and Affected Versions: Stash versions up to 0.25.1. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sort parameter. Recommendations: For versions up to 0.25.1, as a temporary workaround, consider...
PT-2024-5850 · Aveva · Aveva Historian Server
Name of the Vulnerable Software and Affected Versions: AVEVA Historian Server, affected versions not specified. Description: The issue is related to the lack of protection against malicious SQL commands. If exploited, it could allow a remote attacker to execute arbitrary code under the privileges o...
Vehicle Management System SQL Injection Vulnerability
Vehicle Management System is a vehicle management system by Warren Daloyan, an individual developer. A SQL injection vulnerability exists in Vehicle Management System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to SQL injection...
Simple Online Bidding System SQL Injection Vulnerability
Simple Online Bidding System is an online bidding system by oretnom23, an individual developer. A SQL injection vulnerability exists in Simple Online Bidding System version 1.0, which stems from an incorrect manipulation of the parameter username that can lead to SQL injection...
SECOM Dr.ID Access Control System SQL Injection Vulnerability
SECOM Dr.ID Access Control System is an access control system of China Zhongbao SECOM Corporation. A SQL injection vulnerability exists in SECOM Dr.ID Access Control System versions prior to 3.5.0.0.0.5, which stems from the presence of specific page parameters that are not properly validated,...
The vulnerability of the software for automation of support and control of hardware and software systems from SysAid lies in the lack of measures taken to protect the SQL query structure, allowing attackers to carry out attacks based on SQL injections.
The vulnerability of the software used for automating support and control of hardware and software systems from SysAid is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...
CVE-2024-7750
A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicinename leads to SQL injection. The attack can be launche...
SourceCodester Accounts Manager App SQL Injection Vulnerability
SourceCodester Accounts Manager App is a web-based application from SourceCodester, Inc. It is designed to manage online accounts efficiently and securely. A SQL injection vulnerability exists in SourceCodester Accounts Manager App version 1.0, which stems from the parameter account in the file...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is used by ZOHO to simplify auditing, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus version 8003 and prior versions, which arises from vulnerability to authenticated SQL injection attacks in user session...
The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system is related to the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queri...
PT-2024-28866 · Unknown · Kashipara Online Exam System
Name of the Vulnerable Software and Affected Versions: Kashipara Online Exam System version 1.0. Description: A SQL injection vulnerability in "/admin/quizquestion.php" allows remote attackers to execute arbitrary SQL commands via the eid parameter. Recommendations: For Kashipara Online Exam Syste...
WordPress plugin Slider by 10Web – Responsive Image Slider Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-38373 · Avaya · Avaya Aura System Manager
Name of the Vulnerable Software and Affected Versions: Avaya Aura System Manager versions 10.1.x.x through 10.2.x.x; Avaya Aura System Manager versions prior to 10.1. Description: A SQL injection issue was discovered, allowing a command line interface user with administrative privileges to execute...
PT-2024-29316 · Unknown · Kashipara Responsive School Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Responsive School Management System version 1.0. Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the username parameter in the /smsa/student login.php endpoint. This can lead to data theft...
The vulnerability of the OLE DB driver for SQL Server, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to buffer overflow in the “heap”. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the OLE DB driver for SQL Server, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2024-33964
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/modusers/index.php'...
CVE-2024-33960
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...