5734 matches found
CVE-2024-35305
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through 777...
The vulnerability of the GetDBPatches method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.
The vulnerability of the GetDBPatches method in the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...
The vulnerability of the GetDBVulnerabilities method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.
The vulnerability of the GetDBVulnerabilities method in the Ivanti Endpoint Manager software for managing endpoints in information networks is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the NotificationX plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the NotificationX plugin in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the GetVulnerabilitiesDataTable method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.
The vulnerability of the GetVulnerabilitiesDataTable method in the Ivanti Endpoint Manager software for managing endpoints in information networks is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The functionality of the pages.php component in the Content Management System allows a hacker to execute arbitrary code or enhance their privileges.
The vulnerability of the pages.php component in the Content Management System software is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain increased privileges...
CVE-2024-35750
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevart Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...
The vulnerability of the GetLogFileRulesNameUniqueSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows an attacker to execute arbitrary code.
The vulnerability of the GetLogFileRulesNameUniqueSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
Chanjet Smooth T+system SQL Injection Vulnerability
Chanjet Smooth T+system is an enterprise management software from China's Changjitong Chanjet, which is mainly for small and medium-sized enterprises, providing comprehensive solutions for finance, business, production and supply chain management. The system is designed to help enterprises realiz...
PT-2024-36833
Name of the Vulnerable Software and Affected Versions: Chanjet Smooth T+ system version 3.5 Description: A critical issue has been found in the system, affecting the processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the KeyID argument leads to SQL injection. The attack can be...
Ivanti Neurons SQL Injection Vulnerability
Ivanti Neurons is a groundbreaking platform from US-based Ivanti that simplifies and automates IT systems. Ivanti Neurons for ITSM has a SQL injection vulnerability in a web component that allows a remote authenticated user to read,...
Ivanti EPM Security Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
Ivanti EPM SQL Injection Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
Ivanti EPM SQL Injection Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
Ivanti EPM SQL Injection Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
Dino Physics School Assistant SQL Injection Vulnerability
Dino Physics School Assistant is an application. A SQL injection vulnerability exists in Dino Physics School Assistant version 2.3, which stems from unrecognized code in /classes/Master.php that causes SQL injection via the parameter id...
Dino Physics School Assistant SQL Injection Vulnerability
Dino Physics School Assistant is an application. A SQL injection vulnerability exists in Dino Physics School Assistant version 2.3, which stems from unrecognized code in /classes/Master.php that causes SQL injection via the parameter id...
PT-2024-40160 · Unknown · Tablelookupwizard
Name of the Vulnerable Software and Affected Versions: tablelookupwizard versions prior to 3.3.5 tablelookupwizard versions prior to 4.0.0 Description: The issue is related to the sanitization of widget values before they are passed to the database, which could lead to an SQL injection possibilit...
The vulnerability of the form_save() function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.
The vulnerability of the form_save() function in the Cacti network monitoring software is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2024-33805
A SQL injection vulnerability in /model/getstudent.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...