PT-2023-22590 · Ourphp · Ourphp
Name of the Vulnerable Software and Affected Versions: OURPHP versions 7.2.0 and earlier Description: The issue is related to SQL Injection. Recommendations: For OURPHP versions 7.2.0 and earlier, update to a version later than 7.2.0 to resolve the issue...
PT-2023-9990 · Arc2 · Arc2
Name of the Vulnerable Software and Affected Versions: ARC aka ARC2 through 2011-12-01 Description: The issue allows blind SQL Injection in the getTriplePatternSQL function within ARC2 StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. Recommendations: For ARC aka ARC2 through...
Joomla SQL Injection Vulnerability
Joomla is an open source, cross-platform content management system (CMS) developed using PHP and MySQL by the U.S. Open Source Matters team. Joomla 3 suffers from a security vulnerability that stems from improper use of input filters leading to SQL injection. An attacker exploiting the vulnerabilit...
CVE-2023-2215
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manageuser.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been...
Campcodes Coffee Shop POS System SQL Injection Vulnerability
Campcodes Coffee Shop POS System is a coffee shop POS system from Campcodes. A SQL injection vulnerability exists in Campcodes Coffee Shop POS System version 1.0, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Campcodes Retro Basketball Shoes Online Store SQL Injection Vulnerability
Campcodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from Campcodes. A SQL injection vulnerability exists in Campcodes Retro Basketball Shoes Online Store version 1.0, which originates from a SQL injection vulnerability in the parameter email in the file...
PT-2023-18372 · Campcodes · Campcodes Coffee Shop Pos System
Name of the Vulnerable Software and Affected Versions: Campcodes Coffee Shop POS System version 1.0 Description: A critical issue has been found in the system, affecting the /admin/products/view product.php file. The manipulation of the id argument leads to SQL injection, allowing for remote...
CVE-2023-30076
Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/printjudges.php?printjudges.php=&sename=&subeventid=...
PT-2023-22782 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities, allowing an attacker to query connected databases. The issue arises from the explain method in sql optimize.py, where us...
CVE-2023-1873
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05...
WordPress Plugin Transbank Webpay REST SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Transbank...
SourceCodester Employee and Visitor Gate Pass Logging System SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system by Carlo Montero, an individual developer. SourceCodester Employee and Visitor Gate Pass Logging System version 1.0 suffers from a SQL injection vulnerability that stems from a problem in the file...
Sourcecodester Vehicle Service Management System SQL Injection Vulnerability
Sourcecodester Vehicle Service Management System is an open source PHP project. It is a simple web application for automotive repair/service stores or businesses. SourceCodester Vehicle Service Management System version 1.0 suffers from a SQL injection vulnerability, which originates from the...
PT-2023-17447 · Unknown · Campcodes Advanced Online Voting System
Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical vulnerability has been found in the system, affecting an unknown function of the file /admin/positions row.php. The manipulation of the id argument leads to SQL...
PT-2023-17292
Name of the Vulnerable Software and Affected Versions: Eskom Water Metering Software versions prior to 23.04.06 Description: The issue is related to an SQL Injection vulnerability, which allows for Command Line Execution through SQL Injection. This is due to the improper neutralization of special...
Campcodes Online Traffic Offense Management System SQL Injection Vulnerability
Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of validation of external input SQL statements in the paramet...
Campcodes Advanced Online Voting System SQL Injection Vulnerability
Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/votersrow.php, which can be...
Control iD iDSecure SQL Injection Vulnerability
Control iD iDSecure is an ID security program from Control iD. An SQL injection vulnerability exists in Control iD iDSecure version 23.3.19.0, which stems from a problem with the file /v2/customerdb/operator.svc/a, where manipulation of email can result in SQL injection...
Campcodes Advanced Online Voting System SQL Injection Vulnerability
Campcodes Advanced Online Voting System is an online voting system. A SQL injection vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/positionsdelete.php...
The vulnerability of the software for managing and publishing geodata on the OSGeo GeoServer server lies in the lack of measures to neutralize special elements used in SQL queries, allowing a perpetrator to execute arbitrary SQL code.
The vulnerability of the software for managing and publishing geodata on the OSGeo GeoServer server is related to the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by sending a...