
5734 matches found

CNNVD
added 2024/03/17 12:0 a.m. | 5 views

JFinalCMS SQL Injection Vulnerability

JFinalCMS is a content management system. JFinalCMS version 5.0.0 suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the file /admin/divdata/delete. An attacker can exploit this vulnerability to execute illegal SQL comman...

CVSS 7.2 | AI score 8.1 | EPSS 0.00698
Exploits 1 | References 4

CNNVD
added 2024/03/17 12:0 a.m. | 5 views

PandaX SQL Injection Vulnerability

PandaX is an open source low-code development framework, written in Go, for enterprise IoT platforms. An SQL injection vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the fact that incorrect manipulation of the parameter roleKey can lead to sql...

CVSS 9.8 | AI score 8.3 | EPSS 0.0051
Exploits 0 | References 4

CNNVD
added 2024/03/16 12:0 a.m. | 3 views

Online-College-Event-Hall-Reservation-System Security Vulnerability

Online-College-Event-Hall-Reservation-System is an online college event hall reservation system by individual developer Magesh K, designed to automate the hall booking process to eliminate manual logging and increase efficiency. A security vulnerability exists in...

CVSS 9.8 | AI score 7.9 | EPSS 0.00489
Exploits 0 | References 4

OSV
added 2024/03/15 6:15 a.m. | 2 views

CVE-2024-2480

A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The explo...

CVSS 8.8 | AI score 5.6 | EPSS 0.00604
Exploits 1 | References 3

BDU FSTEC
added 2024/03/15 12:0 a.m. | 6 views

A vulnerability in the Fortinet FortiClient Enterprise Management Server (EMS) stems from a lack of measures protecting the SQL query structure, allowing attackers to execute arbitrary code or commands.

The vulnerability in the Fortinet FortiClient Enterprise Management Server (EMS) relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands by sending specially crafted SQL queries...

CVSS 10 | AI score 8.7 | EPSS 0.97591
Exploits 4 | References 6 | Affected Software 1

CNNVD
added 2024/03/14 12:0 a.m. | 4 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. A SQL injection vulnerability exists in PrestaShop stproductcomments v.1.0.5 and earlier versions, which...

CVSS 9.8 | AI score 7.8 | EPSS 0.00832
Exploits 1 | References 2

CNNVD
added 2024/03/13 12:0 a.m. | 4 views

SourceCodester Best POS Management System SQL Injection Vulnerability

SourceCodester Best POS Management System is a POS management system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Best POS Management System version 1.0, which stems from a parameter id in the file /vieworder.php that can lead to SQL injection...

CVSS 9.8 | AI score 8 | EPSS 0.0073
Exploits 1 | References 4

OSV
added 2024/03/12 5:15 p.m. | 2 views

CVE-2024-26164

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8 | AI score 5.9 | EPSS 0.02124
Exploits 0 | References 1

OSV
added 2024/03/12 3:15 p.m. | 2 views

CVE-2023-48788

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets...

CVSS 9.8 | AI score 5.9 | EPSS 0.97591
Exploits 4 | References 2

CNNVD
added 2024/03/12 12:0 a.m. | 11 views

Fortinet FortiClientEMS SQL Injection Vulnerability

Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, a U.S.-based company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. A SQL injection vulnerability exists...

CVSS 9.8 | AI score 8.2 | EPSS 0.97591
Exploits 4 | References 4

CNNVD
added 2024/03/12 12:0 a.m. | 4 views

Microsoft OLE DB Provider for SQL Server Security Vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute code. T...

CVSS 8.8 | AI score 7.2 | EPSS 0.01947
Exploits 0 | References 3

CNNVD
added 2024/03/12 12:0 a.m. | 4 views

Microsoft Django Backend for SQL Server Security Vulnerability

Microsoft Django Backend for SQL Server is a database backend from Microsoft (USA) for the Django web framework, used to connect to and manipulate Microsoft SQL Server databases. A security vulnerability exists in Microsoft Django Backend for SQL Server. An attacker can exploit the vulnerability to...

CVSS 8.8 | AI score 7.3 | EPSS 0.02124
Exploits 0 | References 3

OSV
added 2024/03/11 6:15 p.m. | 3 views

CVE-2024-1068

The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins...

CVSS 7.2 | AI score 5.8 | EPSS 0.00756
Exploits 2 | References 1

OSV
added 2024/03/08 2:15 a.m. | 1 views

CVE-2024-2283

A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 | AI score 5.7 | EPSS 0.00565
Exploits 0 | References 3

OSV
added 2024/03/07 1:15 a.m. | 4 views

CVE-2023-49989

Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00784
Exploits 1 | References 2

CNNVD
added 2024/03/07 12:0 a.m. | 5 views

Hotel Booking Management Security Breach

Hotel Booking Management is a database web application for hotel booking management by Pratham Personal Developer. A security vulnerability exists in Hotel Booking Management v1.0, which was discovered to contain an SQL injection vulnerability through the npss parameter in rooms.php...

CVSS 7.5 | AI score 8.2 | EPSS 0.0068
Exploits 1 | References 3

CNNVD
added 2024/03/07 12:0 a.m. | 3 views

Hospital Management System Security Vulnerability

The Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A security vulnerability exists in Hospital Management System version 1.0 that stems from an SQL injection vulnerability contained...

CVSS 2.7 | AI score 7.8 | EPSS 0.00443
Exploits 0 | References 2

OSV
added 2024/03/06 7:15 p.m. | 4 views

AZL-35763 CVE-2024-27289 affecting package telegraf for versions less than 1.29.4-4

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for ...

CVSS 8.1 | AI score 6.7 | EPSS 0.00854
Exploits 0 | References 1

CNNVD
added 2024/03/06 12:0 a.m. | 3 views

Lost and Found Information System SQL Injection Vulnerability

Lost and Found Information System is a lost and found information system by individual developer oretnom23. A SQL injection vulnerability exists in the Sourcecodester Lost and Found Information System version 1.0, which originates from the system's susceptibility to unauthenticated SQL injection...

CVSS 7.5 | AI score 7.7 | EPSS 0.00404
Exploits 0 | References 3

BDU FSTEC
added 2024/03/06 12:0 a.m. | 4 views

The vulnerability of the MSSQL Database Storage Backend component in the platform for archiving corporate information, HashiCorp Vault and Vault Enterprise, allows a perpetrator to execute arbitrary SQL commands.

The vulnerability of the MSSQL Database Storage Backend component in the HashiCorp Vault and Vault Enterprise archiving platforms relates to the lack of security measures for SQL query structures. Exploiting this vulnerability allows attackers to execute arbitrary SQL commands...

CVSS 6.7 | AI score 6.9 | EPSS 0.00378
Exploits 0 | References 6 | Affected Software 3