5727 matches found
CVE-2023-35068
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BMA Personnel Tracking System allows SQL Injection. This issue affects Personnel Tracking System: before 20230904...
Cacti SQL Injection Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from an SQL injection vulnerability that stems from regular...
Mestav Software E-commerce Software SQL Injection Vulnerability
Mestav Software E-commerce Software is an e-commerce software from Mestav Software, Turkey. An SQL injection vulnerability exists in Mestav Software E-commerce Software versions prior to 20230901, which stems from susceptibility to SQL injection attacks...
PT-2023-25121
Name of the Vulnerable Software and Affected Versions: Osoft Paint Production Management versions prior to 2.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2023-25129 · Unknown · Coyav Travel Proagent
Name of the Vulnerable Software and Affected Versions: Coyav Travel Proagent versions before 20230904 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
The vulnerability of the Quick Post Duplicator plugin of the WordPress content management system allows a hacker to gain unauthorized access to protected information and execute arbitrary SQL code.
The vulnerability of the Quick Post Duplicator plugin of the WordPress content management system is related to the lack of protection for the SQL query structure when processing the postid parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
The vulnerability of the MXSecurity software platform for managing security in industrial networks lies in its failure to protect the SQL query structure. This allows attackers to execute arbitrary commands and gain unauthorized access to protected information.
The vulnerability of the MXSecurity software platform for managing security in industrial networks stems from the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and gain unauthorized access to protected...
MOXA MXsecurity SQL Injection Vulnerability
MOXA MXsecurity is a management platform from China-based MOXA. It provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A security vulnerability exists in MXsecurity v1.0.1...
Chamilo LMS SQL Injection Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS versions v.1.11 through...
CVE-2023-41640
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet SQL Injection Vulnerability
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. A security...
PT-2023-6882 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: NagiosXI affected versions not specified Description: The issue is related to the utils-banner message component of NagiosXI, which fails to properly protect the SQL query structure. This allows a remote attacker to execute arbitrary SQL...
TripSpark VEO SQL Injection Vulnerability
TripSpark VEO is a software solution from TripSpark, Inc. designed for the traffic and transportation sector to manage and optimize the operations of vehicles, equipment, and personnel. A security vulnerability exists in the TripSpark VEO Transportation NovusEDU-2.2.x-XPBB-20201123-184084 version...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. Inventory Management System version 1.0 has a SQL injection vulnerability that originates from the parameter customer in the file app/ajax/searchpurchasepaymenreport.php that can lead to SQL injection...
SPA-Cart eCommerce CMS SQL Injection Vulnerability
SPA-Cart eCommerce CMS is a CMS system from SPA-Cart. A SQL injection vulnerability exists in SPA-Cart eCommerce CMS version 1.9.0.3, which stems from the parameter filterbrandid in the file /search that can lead to SQL injection...
Geomatika IsiGeo Web SQL Injection Vulnerability
Geomatika IsiGeo Web is Geomatika's geographic information system GIS software for the collection, management, analysis, and visualization of geospatial data. A security vulnerability exists in Geomatika IsiGeo Web version 6.0, which originates from a vulnerability that allows an authenticated...
Aruba Networks EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...
Aruba Networks EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...
Aruba Networks EdgeConnect SD-WAN Orchestrator SQL Injection Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...
PT-2023-29215 · Sourcecodester · Sourcecodester Inventory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A critical issue has been found in the SourceCodester Inventory Management System, affecting an unknown functionality of the file app/ajax/search sales report.php. The...