5729 matches found
VulnCheck KEV: CVE-2024-46510
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface...
Turna Advertising Administration Panel SQL Injection Vulnerability
Turna Advertising Administration Panel is an advertising administration panel from Turna. Turna Advertising Administration Panel versions prior to 1.1 are vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability...
IDM Sistemas QSige SQL Injection Vulnerability
IDM Sistemas QSige is a communication management system from IDM Sistemas. A security vulnerability exists in IDM Sistemas QSige that stems from the absence of an access control mechanism to verify that a user requesting a resource has sufficient privileges to perform this operation...
The vulnerability in the importexport.php script of the D-Link DAR-8000 router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the importexport.php script in the D-Link DAR-8000 router firmware is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
The vulnerability of the /autheditpwd.php script in the D-Link DAR-8000 router firmware, allowing a hacker to execute arbitrary commands.
The vulnerability of the /autheditpwd.php script in the D-Link DAR-8000 router firmware is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
PT-2023-29055 · Presto Changeo · Testsitecreator
Name of the Vulnerable Software and Affected Versions: Presto Changeo testsitecreator versions up to 1.1.1 Description: The issue is related to a SQL injection vulnerability. This vulnerability is present in the component disable json.php. Recommendations: For Presto Changeo testsitecreator...
D-Link DAR-7000 SQL Injection Vulnerability
D-Link DAR-7000 is an Internet behavior auditing gateway from China AUO D-Link. A SQL injection vulnerability exists in the D-Link DAR-7000 version 20151231 and earlier versions, which stems from the fact that incorrect manipulation of the parameter id can lead to SQL injection...
TTSPlanning SQL Injection Vulnerability
TTSPlanning is a solar power monitoring application from TTSPlanning Japan. TTSPlanning suffers from a SQL injection vulnerability that stems from the fact that manipulation of the parameter uid can lead to SQL injection...
CVE-2023-5272
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file editparcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to...
CVE-2023-5268
A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtmltaglistaction.php. The manipulation of the argument mktime leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to...
PT-2023-32003 · Unknown · Sourcecodester Engineers Online Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A critical vulnerability was found in the SourceCodester Engineers Online Portal, affecting unknown code in the file seed message student.php. The manipulation of the teacher id...
DedeBIZ SQL Injection Vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A SQL injection vulnerability exists in DedeBIZ version 6.2, which stems from the fact that incorrect manipulation of the mktime parameter can lead to SQL injection...
SourceCodester Best Courier Management System SQL Injection Vulnerability
Best Courier Management System is a courier management system by Mayuri K., an individual developer. SourceCodester Best Courier Management System version 1.0 suffers from a SQL injection vulnerability that stems from a parameter email in the file editparcel.php that can lead to SQL injection...
Tongda OA SQL Injection Vulnerability
Tongda2000 is a web-based intelligent office system from China Tongda Tongda. Tongda OA 2017 suffers from a SQL injection vulnerability that stems from the fact that incorrect operation of the parameter EXPERTID can lead to SQL injection...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 suffers from a SQL injection vulnerability that stems from the fact that incorrect operation of the parameter RECRUITMENTID can lead to SQL injection...
Projectworlds Hospital Management System SQL Injection Vulnerability
Projectworlds Hospital Management System is a hospital management system from the Austrian company Projectworlds. Projectworlds Hospital Management System version 378c157 suffers from a SQL injection vulnerability that originates from allowing bypassing authentication and is vulnerable to SQL...
CVE-2023-43192
SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statemen...
CLSA-2023-1695834945 openldap: Fix of 2 CVEs
CVE-2022-29155: fix a SQL injection vulnerability in the back-sql backend to slapd - CVE-2021-27212: fix denial of service daemon exit via a short timestamp if slapd is used...
CVE-2023-4737
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2...
PT-2023-30432
Name of the Vulnerable Software and Affected Versions: Hedef Tracking Admin Panel versions prior to 1.2 Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...