PT-2023-28816 · Unknown · Tianchoy/Blog
Name of the Vulnerable Software and Affected Versions: Tianchoy Blog version 1.8.8 Description: A SQL Injection issue allows a remote attacker to obtain sensitive information via the id parameter in the "login.php" API endpoint. Recommendations: For Tianchoy Blog version 1.8.8, avoid using the id...
CVE-2023-43469
SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component...
Online Job Portal SQL Injection Vulnerability
Online Job Portal is an online job portal from the individual developer janobe. A security vulnerability exists in Online Job Portal version v.2020 that could allow a remote attacker to execute arbitrary code via the ForPass.php component...
FUXA SQL Injection Vulnerability
FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA version 1.1.12 and earlier, which stems from susceptibility to SQL injection attacks via /api/signin...
PHP Shopping Cart SQL Injection Vulnerability
PHP Shopping Cart is an open source shopping cart system from Phpjabbers. A security vulnerability exists in PHP Shopping Cart version 4.2, which stems from a SQL injection vulnerability in the id parameter...
PT-2023-27946 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in the "/sys/menu/list" API endpoint. This enables the attacker to inject malicious SQL code,...
CVE-2023-5014
A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...
Simple Membership System SQL Injection Vulnerability
Simple Membership System is a simple membership system by the individual developer Razormist. A SQL injection vulnerability exists in Simple Membership System version 1.0, which stems from a SQL injection vulnerability in the club parameter in the file clubvalidator.php...
CVE-2023-4673
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911...
CF Software Oil Management Software SQL Injection Vulnerability
CF Software Oil Management Software is an oil management software from CF Software. A SQL injection vulnerability exists in versions of CF Software Oil Management Software prior to 20230912, which stems from improper neutralization of special elements...
OpenRefine SQL Injection Vulnerability
OpenRefine is a Java-based open source tool. The product is mainly used for loading data, analyzing data and cleaning data. OpenRefine suffers from a SQL injection vulnerability. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
PT-2023-30790
Name of the Vulnerable Software and Affected Versions: Besttem Network Marketing Software versions prior to 1.0.2309.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2023-4766
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. This issue affects Movus: before 20230913...
Vtiger CRM SQL Injection Vulnerability
Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The management system provides functions such as managing, collecting, and analyzing customer information. A security vulnerability exists in Vtiger CRM version v.7.5.0, which...
Super Store Finder SQL Injection Vulnerability
Super Store Finder is an easy-to-use Google Maps API store finder program by Super Store Finder. A security vulnerability exists in Super Store Finder version v.3.6, which stems from a vulnerability that allows a remote attacker to execute arbitrary code via a carefully crafted...
Movus SQL Injection Vulnerability
Movus is a rental car service by Movus, Inc. A SQL injection vulnerability exists in Movus versions prior to 20230913, which stems from the presence of a SQL injection vulnerability...
PT-2023-30173
Name of the Vulnerable Software and Affected Versions: Sanalogy Turasistan versions prior to 20230911 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. There is no...
The vulnerability of the ajax_hosts() and ajax_hosts_noany() functions (graphs.php) of the Cacti network monitoring tool allows a hacker to execute arbitrary SQL queries.
The vulnerability of the ajax_hosts() and ajax_hosts_noany() functions (graphs.php) of the Cacti network monitoring tool is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using a specially...
BlackBerry AtHoc SQL Injection Vulnerability
BlackBerry AtHoc is a crisis communications solution for federal, state and local governments, public safety and law enforcement agencies, and schools from BlackBerry Canada. A security vulnerability exists in BlackBerry AtHoc version 7.15, which stems from a SQL injection vulnerability in the...
Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Operating System Command Injection Vulnerability
Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. The Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform suffers from an...