5725 matches found
CVE-2023-2696
A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns1data leads to sql injection. The attack may be...
Online Exam System SQL injection vulnerability
Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /kelas/data in the component POST Parameter Handler, where manipulation of the parameter...
Online Exam System SQL injection vulnerability
Online Exam System is an online exam system by oretnom23 individual developers. A SQL injection vulnerability exists in SourceCodester Online Exam System version 1.0, which stems from a problem with the file /dosen/data of the component POST Parameter Handler, where manipulation of the parameter...
Billing Management System SQL injection vulnerability
Billing Management System is a simple web application for managing customer billing for electricity supplier companies. A SQL injection vulnerability exists in Billing Management System v1.0, which stems from a lack of validation of externally entered SQL statements in the parameter id of...
Time Tracker SQL injection vulnerability
Anuko Time Tracker is an open source time counting system for individual developers, a platform for counting the time spent by employees on various tasks. A SQL injection vulnerability exists in versions prior to Time Tracker 1.22.13.5792, which stems from a blind time-based injection vulnerabili...
SDG Technologies PnPSCADA SQL injection vulnerability
SDG Technologies PnPSCADA is an automated meter reading solution from SDG Technologies. SDG Technologies PnPSCADA suffers from a SQL injection vulnerability. An attacker exploiting this vulnerability could interact with the underlying database...
The vulnerability of the /InstallTab/exportFldr.asp component of the Kaseya VSA software, a virtual system administrator tool for IT systems, allows a hacker to execute arbitrary SQL code.
The vulnerability of the /InstallTab/exportFldr.asp component of the Kaseya VSA software for remote monitoring and management of IT systems is related to the lack of protection for the SQL query structure during the processing of the fldrId parameter. Exploiting this vulnerability allows an...
Food Ordering Management System SQL injection vulnerability
Food Ordering Management System is a food ordering management system by Carlo Montero personal developer. It provides an online platform to order food from a restaurant or fast food chain. A SQL injection vulnerability exists in SourceCodester Food Ordering Management System version 1.0, which...
Apache Log4cxx SQL injection vulnerability
Apache Log4cxx is a C++ logging framework modeled after Apache log4j from the Apache Foundation. An SQL injection vulnerability exists in Apache Log4cxx versions prior to 1.1.0 that stems from not properly escaping fields sent to the database when using the ODBC add-in to send log messages to the...
PT-2023-23116
Name of the Vulnerable Software and Affected Versions: Log4cxx versions 0.9.0 through 1.1.0 Description: The issue is related to SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has...
The vulnerability of the SQL ODBC plugin for the cross-platform development framework for Qt software allows a hacker to induce a service failure.
The vulnerability of the SQL ODBC plugin for the cross-platform development framework for Qt software relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures by using specially created data...
Spryker Commerce OS SQL injection vulnerability
Spryker Commerce OS is a B2B, B2C and Marketplace solution from Spryker Germany. A security vulnerability exists in Spryker Commerce OS version 0.9. An attacker could exploit the vulnerability to access sensitive data...
IBM i SQL injection vulnerability
IBM i is a suite of operating systems from International Business Machines (IBM) running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.2 through 7.5, which stems from a vulnerability that could allow an authenticated privileged administrator to gain...
CVE-2023-30944
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
PT-2023-19396 · Sourcecodester · Ac Repair/Services System
Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue was found in the system, affecting the file /admin/services/view service.php. The manipulation of the id argument leads to SQL injection. It is possible to...
AC Repair and Services System SQL injection vulnerability
AC Repair and Services System is an air conditioning repair and services system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in AC Repair and Services System version 1.0, which stems from a misuse of the parameter id resulting in sql injection...
IBM DB2 input validation error vulnerability
IBM DB2 is a relational database management system from International Business Machines (IBM). The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from an input validation error vulnerability that stems from susceptibility to denial-of-service attacks,...
Service Provider Management System SQL injection vulnerability
Service Provider Management System is a web-based application by Carlo Montero, an individual developer. It is designed to provide dynamic websites for service provider companies. A SQL injection vulnerability exists in Service Provider Management System version 1.0, which can be exploited by...
Medicine Tracker System SQL injection vulnerability
Medicine Tracker System is a drug tracking system by Carlo Montero Personal Developer. A security vulnerability exists in Medicine Tracker System version 1.0.0. An attacker could exploit this vulnerability to perform SQL injection attacks...