
5734 matches found

CNNVD
added 2024/02/27 12:00 a.m. | 4 views

Kashipara Dynamic Lab Management System SQL Injection Vulnerability

Kashipara Dynamic Lab Management System is a dynamic lab management system from Kashipara. A SQL injection vulnerability exists in Kashipara Dynamic Lab Management System version V1.0, which originates from a vulnerability that could allow a remote attacker to execute arbitrary code via specially...

CVSS: 8.6 | AI score: 8.7 | EPSS: 0.00739
Exploits: 0 | References: 2

CNNVD
added 2024/02/27 12:00 a.m. | 2 views

Scholars Tracking System Security Vulnerability

Scholars Tracking System is a scholars tracking system by the individual developer Fabian Ros. A SQL injection vulnerability exists in Scholars Tracking System version 1.0, which stems from a lack of validation of externally entered SQL statements when updating employment status information, and...

CVSS: 5.4 | AI score: 8.2 | EPSS: 0.00369
Exploits: 0 | References: 2

OSV
added 2024/02/26 11:15 p.m. | 3 views

CVE-2024-25247

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters...

CVSS: 9.8 | AI score: 6
Exploits: 0 | References: 1

BDU FSTEC
added 2024/02/26 12:00 a.m. | 5 views

The vulnerability of the SQL component of the Java framework Apache Camel, which allows a hacker to execute arbitrary code.

The vulnerability of the SQL component of the Java framework Apache Camel is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

CVSS: 10 | AI score: 7.7 | EPSS: 0.00747
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2024/02/22 4:31 p.m. | 2 views

postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL

A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...

CVSS: 8 | AI score: 7.5 | EPSS: 0.01465
Exploits: 0 | References: 4

ATTACKERKB
added 2024/02/21 10:15 p.m. | 1 view

CVE-2023-51828

A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in getnextnotice function...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00947
Exploits: 1 | References: 2

CNNVD
added 2024/02/21 12:00 a.m. | 2 views

ChurchCRM Security Breach

ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version 5.5.0, which stems from a time-based blind SQL injection vulnerability in the familyId GET parameter of the ConfirmReport.php page...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.00576
Exploits: 1 | References: 2

BDU FSTEC
added 2024/02/16 12:00 a.m. | 5 views

The vulnerability of the software for network monitoring and management of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the software for network monitoring and management of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS: 8 | AI score: 8.1 | EPSS: 0.01536
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2024/02/15 4:15 p.m. | 5 views

CVE-2023-5155

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.00519
Exploits: 0 | References: 3

OSV
added 2024/02/14 9:15 a.m. | 4 views

CVE-2023-48987

Blind SQL Injection vulnerability in CU Solutions Group CUSG Content Management System CMS before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00993
Exploits: 0 | References: 1

CNNVD
added 2024/02/14 12:00 a.m. | 4 views

F5 BIG-IP SQL Injection Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. F5 BIG-IP suffers from an SQL injection vulnerability that originates from an SQL injection vulnerability in an undisclosed pa...

CVSS: 3.8 | AI score: 8 | EPSS: 0.00302
Exploits: 0 | References: 3

CNNVD
added 2024/02/14 12:00 a.m. | 2 views

Online Medicine Ordering System SQL Injection Vulnerability

Online Medicine Ordering System is an online medicine ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Medicine Ordering System v1.0, which is caused by a SQL injection vulnerability in the component /omos/?p=products/viewproduct...

CVSS: 9.8 | AI score: 8 | EPSS: 0.0069
Exploits: 1 | References: 3

CNNVD
added 2024/02/14 12:00 a.m. | 2 views

Barangay Population Monitoring System SQL Injection Vulnerability

Barangay Population Monitoring System is a regional population monitoring system by the individual developer Remy Andrade. A security vulnerability exists in Barangay Population Monitoring System version 1.0, which originates from a SQL injection vulnerability in the file...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.00814
Exploits: 1 | References: 3

OSV
added 2024/02/13 6:15 p.m. | 1 view

CVE-2024-21361

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.01644
Exploits: 0 | References: 1

CNNVD
added 2024/02/13 12:00 a.m. | 4 views

Microsoft WDAC OLE DB provider for SQL Security Vulnerability

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft WDAC OLE DB provider for SQL. The following products and versions are affected: Windows 10 Version 22H2...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01644
Exploits: 0 | References: 3

CNNVD
added 2024/02/12 12:00 a.m. | 4 views

Dell Unity SQL Injection Vulnerability

Dell Unity is a set of virtual Unity storage environments from Dell USA. A SQL injection vulnerability exists in Dell Unity prior to version 5.4, which stems from the inclusion of an operating system command injection vulnerability in its svccava utility. An attacker could exploit this...

CVSS: 6.5 | AI score: 8.2 | EPSS: 0.00421
Exploits: 0 | References: 2

Positive Technologies
added 2024/02/12 12:00 a.m. | 5 views

PT-2024-4033 · Cu Solutions · Cu Solutions Group Content Management System

Name of the Vulnerable Software and Affected Versions: CU Solutions Group CUSG Content Management System CMS versions prior to 7.75
Description: The issue is related to a Blind SQL Injection vulnerability in the pages.php component, which can be exploited by a remote attacker to execute arbitrary...

CVSS: 7.8 | AI score: 9 | EPSS: 0.00993
Exploits: 0 | References: 7

Positive Technologies
added 2024/02/09 12:00 a.m. | 5 views

PT-2024-19672 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...

CVSS: 7.2 | AI score: 8.1 | EPSS: 0.67493
Exploits: 0 | References: 11

CNNVD
added 2024/02/09 12:00 a.m. | 3 views

PrestaShop SQL Injection Vulnerability

PrestaShop is a set of open source e-commerce solutions from PrestaShop, USA. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop hsmultiaccessoriespro version 5.1.1 and earlier versions. A remote...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.00611
Exploits: 0 | References: 2

Positive Technologies
added 2024/02/09 12:00 a.m. | 3 views

PT-2024-19674 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...

CVSS: 7.2 | AI score: 7.6 | EPSS: 0.53411
Exploits: 0 | References: 10