5734 matches found
CVE-2023-49968
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customersupport/managedepartment.php...
CVE-2023-49547
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...
Baizhuo Network Smart s200 Management Platform Security Vulnerability
Baizhuo Network Smart s200 Management Platform is a network management platform from Baizhuo, China. A security vulnerability exists in Baizhuo Network Smart s200 Management Platform v.S200, which originates from a SQL injection vulnerability in the /importexport.php component...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Online Mobile Management Store SQL Injection Vulnerability
Online Mobile Management Store is an online mobile store management system. A SQL injection vulnerability exists in Online Mobile Management Store version 1.0, which originates from a SQL injection vulnerability in the parameter id of the file /admin/orders/vieworder.php...
PT-2024-22114 · Arista · Arista Ng Firewall
Name of the Vulnerable Software and Affected Versions: Arista NG Firewall (affected versions not specified)
Description: The issue concerns multiple SQL Injection vulnerabilities in the reporting application of the Arista Edge Threat Management - Arista NG Firewall. These vulnerabilities can be...
Petrol Pump Management Software SQL Injection Vulnerability
Petrol Pump Management Software is gasoline pump management software from the individual developer mayurik. A SQL injection vulnerability exists in Petrol Pump Management Software version 1.0, which originates from a SQL injection issue in the /admin/app/logincrud.php file...
Computer Inventory System SQL Injection Vulnerability
Computer Inventory System is a computer inventory system from the individual developer rems. A SQL injection vulnerability exists in Computer Inventory System version 1.0, which stems from an SQL injection issue in the /endpoint/delete-computer.php file...
PT-2024-18702 · Sourcecodester · Sourcecodester Simple Online Bidding System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Bidding System version 1.0
Description: A critical issue has been found in the system, affecting an unknown part of the file index.php. The manipulation of the category id argument leads to SQL injection. It is...
CVE-2023-7110
A vulnerability, which was classified as critical, has been found in code-projects Library Management System 2.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument student leads to SQL injection. The attack may be initiated remotely. The exploit ha...
SURYA SOFTWARE SYSTEMS Online Shopping System SQL Injection Vulnerability
SURYA SOFTWARE SYSTEMS Online Shopping System is an online shopping system from SURYA SOFTWARE SYSTEMS. A SQL injection vulnerability exists in SURYA SOFTWARE SYSTEMS Online Shopping System version 1.0, which stems from an incorrect manipulation of the parameter password that can lead to SQL...
Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability
Netentsec NS-ASG Application Security Gateway is an application security gateway from China Netentsec. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which stems from an incorrect operation of the parameter GroupId that can lead to SQL injection...
The vulnerability of the Ultimate Member plugin for the WordPress content management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the Ultimate Member plugin for the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
PT-2024-20897 · Unknown · Phpgurukul Zoo Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 1.0
Description: The issue allows attackers to run arbitrary SQL commands via the editid parameter in the /zms/admin/changeimage.php API endpoint. This enables attackers to potentially extract or modif...
PT-2024-20550 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4; Apache Superset versions 3.1.0 through 3.1.0
Description: A guest user could exploit a chart data REST API and send arbitrary SQL statements that, on error, could leak information from the underlying...
PT-2024-21193 · Miniorange · Miniorange Malware Scanner
Name of the Vulnerable Software and Affected Versions: miniorange Malware Scanner versions through 4.7.2
Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation by injecting...
SEMCMS Security Breach
SEMCMS is a multilingual content management system (CMS) for foreign trade websites. A security vulnerability exists in SEMCMS v.4.8, which originates from an SQL injection vulnerability. The vulnerability can be exploited to execute arbitrary code and obtain sensitive information via the...
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the server’s database.
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the server’s...
CVE-2024-1924
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to SQL injection. It is possible to initiate the attack remotely...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system from the individual developer stemword. A SQL injection vulnerability exists in Free and Open Source Inventory Management System version 1.0, which stems from an incorrect operation of the parameter customer that can lead to an SQL injectio...