Employee Task Management System SQL Injection Vulnerability
Employee Task Management System is an Employee Task Management System developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Employee Task Management System v1.0, which is vulnerable to SQL injection via admin-manage-user.php...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
Computer Laboratory Management System Security Vulnerability
Computer Laboratory Management System is a computer laboratory management system. A security vulnerability exists in Computer Laboratory Management System v1.0, which originates from a SQL injection vulnerability in the parameter id of the component /admin/...
The vulnerability of the Grafana module in the monitoring and IT environment management system Pandora FMS allows a perpetrator to gain unauthorized access to protected information and execute arbitrary SQL code.
The vulnerability of the Grafana module in the monitoring and management system for IT environments developed by Pandora FMS is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized...
PT-2024-23698 · Unknown · Autoexpress
Name of the Vulnerable Software and Affected Versions: autoexpress version 1.3.0 Description: The issue allows attackers to run arbitrary SQL commands via the carId parameter, potentially leading to unauthorized data access or modification. Recommendations: For autoexpress version 1.3.0, avoid...
CVE-2024-30985
SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters...
Student Record System manage-courses.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the del parameter of the file /manage-courses.php?del=1. An attacker can exploit this vulnerability t...
PT-2024-11749 · WordPress · Js Help Desk
Name of the Vulnerable Software and Affected Versions: JS Help Desk – Best Help Desk & Support Plugin versions through 2.7.1 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for...
Small CRM Registration Page SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements on the registration page. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
The vulnerability of the Dell Unity Operating Environment (OE), the operating environment for managing and maintaining Dell Unity storage systems, relates to the lack of protection for SQL query structures, which allows attackers to disclose protected information.
The vulnerability of the operating environment for managing and maintaining Dell Unity Operating Environment OE storage systems is related to the lack of protection for SQL query structures. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
WordPress Shopping Cart & eCommerce Store plugin <= 5.6.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin WP EasyCart versions <= 5.6.3...
WordPress Plugin Podlove Podcast Publisher SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin...
WordPress Plugin WooCommerce Customers Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Macrob7 Macs Framework Cms Security Vulnerability
Macrob7 Macs Framework Cms is an open source Cms framework by the individual developer Macdonald Terrence Robinson. A security vulnerability exists in Macrob7 Macs CMS version 1.1.4f and earlier, which stems from the presence of a SQL injection vulnerability that could allow a remote attacker to...
WordPress Plugin BWL Advanced FAQ Manager SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin BWL Advanced FAQ Manager i...
PHPGurukul Small CRM SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements on the registration page. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
PHPGurukul Small CRM SQL Injection Vulnerability
Small CRM is a customer relationship management system. A SQL injection vulnerability exists in Small CRM, which stems from a lack of validation of externally-entered SQL statements in the change password handler. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
Desdev DedeCMS SQL Injection Vulnerability
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Zhuozhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval. DedeCMS 5.7.112-UTF8 has a SQL injection...
Church Management System SQL Injection Vulnerability
Church Management System is a church management system. A SQL injection vulnerability exists in version 1.0 of the Church Management System, which is caused by a SQL injection vulnerability in the password parameter of the login.php file...
CVE-2024-26210
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...