5724 matches found
The vulnerability of the setTaskEditorItem component in the centralized network device and port management system Advantech iView allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the setTaskEditorItem component in the Centralized Network Devices and Ports Management System of Advantech iView relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...
Discussion-Board SQL Injection Vulnerability
Discussion-Board is a PHP-based online forum. Discussion-Board suffers from a SQL injection vulnerability that originates in the function displayallreplies in the file functions/main.php, which operates on the parameter str to cause SQL injection...
Online Food Ordering System SQL Injection Vulnerability
Online Food Ordering System is an online food ordering system. An SQL injection vulnerability exists in Online Food Ordering System, which stems from a problem with some unknown functions in the file viewprod.php, where manipulation of the parameter id can lead to SQL injection. No details of the...
PT-2023-10149 · Unknown · Agy Pontifex.Http
Name of the Vulnerable Software and Affected Versions: agy pontifex.http versions prior to 0.1.0 Description: A critical issue has been found in the agy pontifex.http software, affecting the lib/Http.coffee file, which can lead to SQL injection. Recommendations: For versions prior to 0.1.0, upgra...
CVE-2022-46954
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=deletetransaction...
Online Student Enrollment System SQL Injection Vulnerability
Online Student Enrollment System is an online student enrollment system developed by Lyndon Bermoy, an individual developer. A security vulnerability exists in Online Student Enrollment System v1.0, which stems from a username parameter in its /studentenrollment/admin/login.php file that allows a...
Dynamic Transaction Queuing System SQL Injection Vulnerability
Dynamic Transaction Queuing System is a dynamic transaction queuing system using PHP/MySQL by Carlo Montero, an individual developer. A security vulnerability exists in Dynamic Transaction Queuing System v1.0, which stems from the id parameter of its /admin/ajax.php?action=deleteuploads component...
PT-2023-10000 · Unknown · Aeharding Classroom-Engagement-System
Name of the Vulnerable Software and Affected Versions: aeharding classroom-engagement-system affected versions not specified Description: A critical issue was found, allowing for SQL injection through some unknown functionality. The manipulation can be performed remotely. Recommendations: Apply t...
classroom-engagement-system SQL Injection Vulnerability
classroom-engagement-system is a classroom engagement system by the individual developer Alexander Harding. A SQL injection vulnerability exists in classroom-engagement-system, which stems from a problem with some unknown functionality that can lead to SQL injection...
CVE-2022-47865
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php...
The vulnerability of the software solution for managing financial indicators of the SAP Business Planning and Consolidation system lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the SAP Business Planning and Consolidation software solution for managing organizational financial indicators is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries...
Lead Management System SQL Injection Vulnerability
Lead Management System is a lead management system developed by Mayuri K. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of external input SQL statements in the id parameter of removeOrder.php, and can be exploited by attackers to The...
Lead Management System SQL Injection Vulnerability
Lead Management System is a lead management system by Mayuri K., an individual developer. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of externally entered SQL statements in the id parameter of removeCategories.php. An attacker could use th...
dronfelipe SQL Injection Vulnerability
dronfelipe is a website by Kyle Bebak, an individual developer. A SQL injection vulnerability exists in dronfelipe. An attacker could exploit this vulnerability to perform a SQL injection attack...
CVE-2022-38492
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability...
EasyVista SQL Injection Vulnerability
EasyVista is an application from EasyVista, Inc. that creates digital experiences that help organizations work smarter, faster, and better automatically. A SQL injection vulnerability exists in EasyVista version 2020.2.125.3, which stems from the presence of SQL injection on some parameters...
Terminal Operating System SQL Injection Vulnerability
Terminal Operating System is a terminal operating system that accelerates the flow of container, general cargo, liquid cargo, ro-ro and warehouse services at the terminal. A SQL injection vulnerability exists in Terminal Operating System versions prior to 5.0.13. An attacker could exploit this...
SAP BPC MS SQL Injection Vulnerability
SAP BPC MS is a business planning and consolidation application from SAP Germany that provides planning, budgeting, forecasting, and financial consolidation functions. SAP BPC MS version 10.0 810 contains a SQL injection vulnerability that stems from the application's lack of validation of...
PT-2023-1258 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to insufficient input validation in the Microsoft WDAC OLE DB provider for SQL Server component in Windows operating systems. This...
PT-2023-9861 · Unknown · Web-Cyradm
Name of the Vulnerable Software and Affected Versions: web-cyradm affected versions not specified Description: A critical issue has been found in web-cyradm, affecting some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login password/LANG leads to SQL...