CVE-2024-6743
AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
Employee and Visitor Gate Pass Logging System SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system developed by Carlo Montero, an individual developer. An SQL injection vulnerability exists in Employee and Visitor Gate Pass Logging System version 1.0, which stems from a parameter id in the file...
PT-2024-5175 · Unknown · Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0 Description: The issue is related to a lack of protection against SQL query structure exploitation in the templateadd.php file. This allows a remote attacker to execute arbitrary SQL code, gain...
PT-2024-5100 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions = 1.8.0 241. For Apache Linkis versions = 1.5.0, upgrade Linkis to version 1.6.0...
PT-2024-5860 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16 Description: The issue is related to a SQL injection vulnerability in some AJAX scripts of the GLPI software. This vulnerability can be exploited by an authenticated user to alter another user's account data and...
CVE-2024-37870
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter...
CVE-2024-37323
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...
PT-2024-5453 · Microsoft · Sql Server Native Client Ole Db Provider
Name of the Vulnerable Software and Affected Versions: SQL Server Native Client OLE DB Provider affected versions not specified Description: The issue is related to an integer overflow in the SQL Server Native Client OLE DB Provider. Exploitation of this issue may allow a remote attacker to execu...
Kelixun Communication Command and Dispatch Management Platform Security Vulnerability
Kelixun Communication Command and Dispatch Management Platform is a communication command and dispatch management platform from Kelixun, China. A security vulnerability exists in Kelixun Communication Command and Dispatch Management Platform version 7.6.6.439 and prior versions, which...
MegaBIP Security Vulnerabilities
MegaBIP is software for creating BIP websites. A security vulnerability exists in MegaBIP version 5.13 and earlier, which stems from a SQL injection vulnerability in the parameters that allows an unauthorized attacker to disclose database content and obtain an administrator token to modify page...
Billing System security breach
Billing System is a billing system by Angel Jude Suarez, an individual developer. A security vulnerability exists in Billing System version 1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the username parameter...
NHibernate Security Vulnerabilities
NHibernate is a mature, open source object-relational mapper from NHibernate Open Source. A security vulnerability exists in NHibernate. An attacker exploiting this vulnerability can construct SQL queries directly on the user side using the ObjectToSQLString method...
PT-2024-37625 · Unknown · Hitout Carsale
Name of the Vulnerable Software and Affected Versions: Hitout Carsale version 1.0 Description: A critical issue has been discovered, affecting the OrderController.java file. The manipulation of the orderBy argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...
Vanna Code Issue Vulnerability
Vanna is a personalized AI SQL agent from Vanna Inc. Vanna version v0.3.4 has a code issue vulnerability stemming from susceptibility to SQL injection attacks, where an attacker can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the...
PT-2024-37575 · Bethesda · Bethesda Online Reservation System
Name of the Vulnerable Software and Affected Versions: Bethesda Online Reservation System version 1.0 Description: A critical issue has been found in the Bethesda Online Reservation System, affecting some unknown functionality of the file controller.php. The manipulation of the rmtype id argument...
A vulnerability in the FileCatalyst Workflow file exchange software stems from a lack of protection for the SQL query structure, allowing attackers to escalate their privileges.
The vulnerability in the FileCatalyst Workflow file sharing software stems from a lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to escalate their privileges by injecting specially crafted SQL queries...
Magarsus Consultancy SSO SQL Injection Vulnerability
Magarsus Consultancy SSO is a single sign-on application from Magarsus Consultancy. A SQL injection vulnerability exists in Magarsus Consultancy SSO Single Sign On versions 1.0 through 1.1, which arises from an improper neutralization of special elements used in SQL commands, insufficient...
Intrado 911 Emergency Gateway Security Vulnerability
Intrado 911 Emergency Gateway is an on-premise management appliance from Intrado USA. A security vulnerability exists in Intrado 911 Emergency Gateway that stems from a login form that is susceptible to a blind SQL injection attack, which allows an attacker to execute malicious code, steal data, ...
VulnCheck KEV: CVE-2023-2215
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manageuser.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-5989
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™...