5734 matches found
CVE-2024-37858
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/managecategory.php...
CVE-2024-7191
A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/getbalance.php. The manipulation of the argument studentid leads to sql injection. The attack may be launched...
Complaints Report Management System SQL injection vulnerability
Complaints Report Management System is a Complaints Report Management System by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Complaints Report Management System version 1.0, which is caused by an SQL injection vulnerability in the id parameter of the...
ChurchCRM security vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM 5.8.0 and prior versions suffer from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands t...
Tianchoy Blog SQL injection vulnerability
Tianchoy Blog is a blog site of Tianchoy personal developer. A SQL injection vulnerability exists in Tianchoy Blog version 1.8.8 and earlier versions, which stems from an incorrect operation of the search parameter that can lead to sql injection...
Online-Payroll-Management-System SQL injection vulnerability
Online-Payroll-Management-System is an online payroll management system by the individual developer MD MAFUJUL HASAN. A SQL injection vulnerability exists in Online-Payroll-Management-System version 20230911 and prior versions, which stems from an incorrect manipulation of the parameter id that c...
RHUB TurboMeeting security vulnerability
RHUB TurboMeeting is a collaboration solution from RHUB Corp. It provides web conferencing, remote support, audio conferencing, video conferencing, remote access, and webinar support. A security vulnerability exists in RHUB TurboMeeting versions prior to 8.X. The vulnerability is caused by a remo...
The vulnerability of the getFilterString method in the microprogramming software for network devices of the ProSAFE Network Management System (NMS300) allows a perpetrator to execute arbitrary code.
The vulnerability of the getFilterString method in the ProSAFE Network Management System NMS300 microprogramming device lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the testServiceExistence() function in the software for monitoring IT infrastructure of Centreon allows a hacker to execute arbitrary code.
The vulnerability of the testServiceExistence function in the Centreon IT infrastructure monitoring software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary SQL queries against the database.
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...
The vulnerability of the Arfa-CMS content management system lies in the lack of measures taken to protect the SQL query structure, allowing for the execution of arbitrary SQL queries.
The vulnerability of the Arfa-CMS content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2024-38773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...
CVE-2024-6967
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employeegatepass/admin/?page=employee/manageemployee. The manipulation of the argument id leads to sql injection. It is...
WordPress uipress-lite plugin <= 3.4.06 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyễn Trung Kiên Patchstack Alliance in WordPress Plugin UiPress lite versions <= 3.4.06...
CVE-2024-0857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue affects FlexWater Corporate Water Management: before 5.452.0...
CVE-2024-40392
SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php...
Apache Superset security vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...
PT-2024-5669 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue is related to the implementation of the get component fields method in the comments module of the Netcat CMS system, which fails to take measures to protect the SQL query...
PT-2024-5690 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue is related to the implementation of the subscribes delete confirm method in the comments module of the Netcat CMS system, which fails to take measures to protect the SQL query...
CVE-2024-40560
Tmalldemo before v2024.07.03 was discovered to contain a SQL injection vulnerability...