5734 matches found
Cinema Seat Reservation System SQL Injection Vulnerability
Cinema Seat Reservation System is an open source movie theater seat reservation system from Code-projects. Cinema Seat Reservation System version 1.0 has a SQL injection vulnerability that stems from allowing SQL injection via the id parameter in Cinema-Reservation/booking.php...
Hotel Managment System SQL Injection Vulnerability
Hotel Managment System is an open source hotel management system from Code-projects. Hotel Managment System version 1.0 suffers from a SQL injection vulnerability that originates from allowing SQL injection via the rid parameter in Hotel/admin/roombook.php...
A vulnerability in the pollers.php script of a network monitoring software product allows an attacker to execute arbitrary code.
The vulnerability in the pollers.php script of a network monitoring software product is related to the lack of protection for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop hiadvancedgiftwrapping versions prior to 1.4.1. An attack...
Novel-Plus Security Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v4.3.0-RC1 and earlier versions. An attacker can exploit the vulnerability to pass specially crafted offset, limit, and sort parameters to perform a SQL injectio...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 2017 version 11.9 and earlier versions, which stems from the fact that incorrect operation of the parameter ASKDUTYID can lead to SQL injection...
The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and management system, as well as the Cisco Evolved Programmable Network (EPN) Manager software, allows an attacker to alter confidential information stored in the underlying database.
The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network EPN Manager software relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to alter...
ManageEngine SQL Injection Vulnerability
ManageEngine is a family of IT management solutions from ManageEngine, Inc. A security vulnerability exists in ManageEngine ADAudit Plus 7270 and prior versions that stems from vulnerability to authenticated SQL injection attacks...
School Task Manager Security Vulnerability
School Task Manager is a school task manager by rems personal developer. A security vulnerability exists in School Task Manager version 1.0, which is caused by a SQL injection vulnerability in the task parameter...
The vulnerability of the Nginx UI server’s user interface allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Nginx UI server’s user interface relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
YonBIP Security Vulnerability
YonBIP is a new generation of products developed by UFIDA, as the world's leading enterprise digital intelligence platform and application software. A SQL injection vulnerability exists in YonBIP, which can be exploited by attackers to obtain sensitive information or execute arbitrary code...
ForU CMS SQL Injection Vulnerability
ForU CMS is an open source website building system from ForU. ForU CMS 2020-06-23 and earlier versions suffer from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database data...
PHPGurukul Company Visitor Management System Security Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file search-visitor.php. An attacker can exploit this vulnerability to...
The vulnerability of the /admin/ file of the Admin Login component of the Engineers Online Portal allows a malicious user to execute arbitrary SQL queries.
The vulnerability of the /admin/ file of the Admin Login component of the Engineers Online Portal is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2023-3211
The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress plugin WordPress Database Administrator security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress plugin Newsletters security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress plugin...
CVE-2024-0497
A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The...
CVE-2024-0493
A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submitdeliverylist.php of the component HTTP POST Request Handler. The manipulation of the argument customerdetails leads to SQL...
CVE-2024-0489
A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/editchicken.php. The manipulation of the argument ref leads to SQL injection. The attack can be initiated remotely...