PT-2022-24016 · Owncast · Owncast
Name of the Vulnerable Software and Affected Versions: owncast versions prior to 0.0.13 Description: The issue is related to SQL Injection in the GitHub repository owncast/owncast. Recommendations: For versions prior to 0.0.13, update to version 0.0.13 or later to resolve the issue...
CVE-2022-3865
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
OpenDaylight SQL injection vulnerability
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which originates in its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java component in the /auth/v1/role...
Automotive Shop Management System SQL injection vulnerability
Automotive Shop Management System is an automotive shop management system by Carlo Montero Personal Developer. A security vulnerability exists in Automotive Shop Management System v1.0, which was discovered to contain a SQL injection vulnerability via the id parameter in...
Vulnerability fixed in IBM DB2
A vulnerability has been fixed in IBM DB2. This vulnerability allows a malicious party to cause a denial of service (DoS) by using the db2expln tool and entering an incorrect SQL statement into it. IBM has made an update available to fix the vulnerability. For more information, see:...
CVE-2022-44117
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third parties because Boa does not ship with any support for SQL...
JIZHICMS SQL injection vulnerability
Extreme Networks Technology JIZHICMS Extreme CMS is an open source content management system CMS from China's Extreme Networks Technology. A security vulnerability exists in JIZHICMS v2.3.3, which can be exploited by an attacker to perform SQL injection via the...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
The vulnerability of the Field::set_default component in the MariaDB database, which allows a hacker to trigger a service failure.
The vulnerability of the Field::set_default component in the MariaDB database management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially crafted SQL query...
Billing System Project SQL injection vulnerability
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in printOrder.php against an externally entered SQL statement. An attacker cou...
Silverstripe CMS SQL injection vulnerability
Silverstripe CMS is an application from Silverstripe New Zealand. Empower powerful digital teams by creating a platform for digital change. Silverstripe CMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL statements by adding a SQL load to...
PT-2022-25410 · Unknown · Attendance Management System
Name of the Vulnerable Software and Affected Versions: Student Attendance Management System affected versions not specified Description: A critical issue affects the Student Attendance Management System, specifically the file /Admin/createClass.php. The manipulation of the Id argument leads to sq...
PT-2022-26779 · Unknown · Online Diagnostic Lab Management System
Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/tests/view test.php" API endpoint. Recommendations: For...
MonikaBrzica scm security vulnerability
scm is a supply chain management software by MonikaBrzica Individual Developer. A security vulnerability exists in MonikaBrzica scm, which stems from some unknown function of its upisubazu.php component that operates on the email/lozinka/ime/id parameter, leading to an attacker to implement SQL...
Simmeth System Supplier Manager SQL injection vulnerability
Simmeth System Supplier Manager is a supply chain software from Simmeth System, Germany. Versions prior to Simmeth System Supplier Manager 5.6 contain a design error vulnerability that could be exploited by attackers to obtain sensitive database information...
CVE-2022-43288
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the orderby parameter at /rukovoditel/index.php?module=logs/view&type=php...
Arches SQL injection vulnerability
Arches is an Arches open source web platform for creating, managing and visualizing geospatial data. A security vulnerability exists in Arches versions prior to 6.1.2, 6.2.1, and 7.1.2, which stems from an attacker being able to implement SQL injection via a crafted web request...
Delta Electronics DIAEnergie SQL injection vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics Taiwan, China used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes and maximize...
CVE-2022-39069
There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content...