5733 matches found
Shaanxi Chanming Education Technology Score Query System SQL Injection Vulnerability
Shaanxi Chanming Education Technology Score Query System is a score query system from Shaanxi Chanming Education Technology. A security vulnerability exists in Shaanxi Chanming Education Technology Score Query System version 5.0, which originates from the presence of an unknown function that caus...
CVE-2023-26583
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the DeleteRoomChanges method...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetRoomChanges method...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetStudentGroupStudents method...
Vulnerability in the Server: Optimizer component of the MySQL Server database management system that allows an attacker to cause a service failure.
The vulnerability in the Server component of the MySQL Server database management system involves insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the `parse_user_filters` function in the SupportCandy plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the `parse_user_filters` function in the SupportCandy plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
PT-2023-29968 · Unknown · Ndk Steppingpack
Name of the Vulnerable Software and Affected Versions: ndk steppingpack versions 1.5.6 and before. Description: The issue allows a guest to perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL...
Vulnerability in the /vm/admin/doctors.php file of the SourceCodester Free Hospital Management System for Small Practices that allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of the /vm/admin/doctors.php file in the Small Medical Institutions Management System by SourceCodester allows unauthorized access to the SQL query structure. Exploiting this vulnerability enables a malicious actor to execute arbitrary SQL queries against the database remotely...
Number withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. This CVE number has been withdrawn...
LyLme Spage SQL Injection Vulnerability
LyLme Spage (Six Zero Navigation Page) is an open-source navigation page from LyLme of China. It is intended as a simple, efficient, advertising-free Internet navigation and search portal, with support for backend links, custom search engines, accumulation of the most valuable links, no commercial...
PT-2023-6237 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) version 11.5. Description: The issue is related to errors in processing input data, which can be exploited by a remote attacker to cause a denial of service with a specially...
The vulnerability of the ODBC driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the ODBC driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
SQL Injection
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command. An attacker can execute arbitrary code by injecting SQL...
1E Platform SQL Injection Vulnerability
1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in 1E Platform versions prior to v8.1.2, prior to v8.4.1, prior to v9.0.1, and prior to v23.7.1 SaaS, which stems from the incorrect neutralization of special elements used in SQL...
CVE-2023-23651
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions...
CVE-2023-5046
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390...
CVE-2023-36420
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
Microsoft ODBC Driver Security Vulnerability
Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system (DBMS) using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to remotely execute code...