CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2023/08/20 12:0 a.m.•3 views

PT-2023-29215 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Inventory Management System version 1.0 Description: A critical issue has been found in the SourceCodester Inventory Management System, affecting an unknown functionality of the file app/ajax/search sales report.php. The...

9.8CVSS7AI score0.00596EPSS

Exploits0References6

CNNVD•added 2023/08/14 12:0 a.m.•2 views

novel-plus SQL注入漏洞

novel-plus is a multi-end PC, WAP reading and functional original literary CMS system. A SQL injection vulnerability exists in novel-plus version v3.6.2. The vulnerability stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this...

9.8CVSS8.2AI score0.00659EPSS

Exploits0References4

CNNVD•added 2023/08/14 12:0 a.m.•4 views

Mitel MiVoice Office 400 SMB Controller SQL Injection Vulnerability

The Mitel MiVoice Office 400 SMB Controller is an SMB controller from Mitel Canada. A security vulnerability exists in Mitel MiVoice Office 400 SMB Controller version 1.2.5.23, which originated from a vulnerability that could allow a malicious attacker to access sensitive information and perform...

9.8CVSS6.6AI score0.00525EPSS

BDU FSTEC•added 2023/08/11 12:0 a.m.•5 views

The vulnerability of component B1i Layer of the SAP Business One resource management system allows a hacker to gain access to read, modify, or delete data.

The vulnerability of component B1i Layer in the SAP Business One resource management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely gain access to read, modify, or delete data by sending...

7.1CVSS7.3AI score0.00477EPSS

Exploits0References4Affected Software1

CNNVD•added 2023/08/10 12:0 a.m.•5 views

iCMS SQL Injection Vulnerability

iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS v7.0.16, which is caused by a SQL injection vulnerability discovered via the bakupdata function...

9.8CVSS8.1AI score0.00593EPSS

Exploits0References5

Positive Technologies•added 2023/08/10 12:0 a.m.•2 views

PT-2023-25782 · Code Projects · Code-Projects Hospital Management System

Name of the Vulnerable Software and Affected Versions: Code-Projects Online Hospital Management System version 1.0 Description: The issue allows an attacker to manipulate SQL queries executed by the application due to a failure in properly validating user-supplied input in the login id and passwo...

9.8CVSS7.8AI score0.00815EPSS

Exploits1References6

OSV•added 2023/08/09 7:15 p.m.•2 views

CVE-2022-48601

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 7:15 p.m.•2 views

CVE-2022-48602

A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 7:15 p.m.•4 views

CVE-2022-48599

A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 7:15 p.m.•1 views

CVE-2022-48597

A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 6:15 p.m.•2 views

CVE-2022-48590

A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

OSV•added 2023/08/09 6:15 p.m.•2 views

CVE-2022-48587

A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CNNVD•added 2023/08/09 12:0 a.m.•1 views

Gym Management System SQL Injection Vulnerability

Gym Management System is a gym management system. The system is developed in C and sql server and features customer and vendor management, product management, sales management, gym membership management, fitness assessment, system logging, database backup and restore. A security vulnerability...

9.8CVSS8.2AI score0.00875EPSS

Exploits1References3

CNNVD•added 2023/08/09 12:0 a.m.•2 views

ScienceLogic SL1 SQL注入漏洞

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...

8.8CVSS8.1AI score0.00608EPSS

CNNVD•added 2023/08/09 12:0 a.m.•2 views

ScienceLogic SL1 SQL注入漏洞

8.8CVSS8.1AI score0.00596EPSS

CNNVD•added 2023/08/09 12:0 a.m.•2 views

ScienceLogic SL1 SQL注入漏洞

8.8CVSS8.1AI score0.00608EPSS