5714 matches found

CNNVD
added 2022/03/31 12:0 a.m., 2 views

Dolibarr ERP/CRM SQL injection vulnerability

Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the French Dolibarr Foundation. The system can be used to manage products, inventory, invoices, orders, etc. A SQL injection vulnerability exists in Dolibarr ERP/CRM, which stems...

8.8 CVSS, 5.9 AI score, 0.00892 EPSS
Exploits 0, References 2

CNNVD
added 2022/03/29 12:0 a.m., 3 views

Shopware SQL injection vulnerability

Shopware is a suite of e-commerce software from the German company Shopware. Shopware B2B-Suite 4.4.1 and prior versions are vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements applied to the sort-by parameter of the search function. An authenticat...

6.5 CVSS, 6 AI score, 0.01345 EPSS
Exploits 1, References 3

OSV
added 2022/03/28 6:15 p.m., 4 views

CVE-2022-0787

The Limit Login Attempts Spam Protection WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions available to unauthenticated users, leading to SQL Injections...

9.8 CVSS, 5.8 AI score, 0.08852 EPSS
Exploits 2, References 1

ATTACKERKB
added 2022/03/28 6:15 p.m., 2 views

CVE-2022-0787

The Limit Login Attempts Spam Protection WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions available to unauthenticated users, leading to SQL Injections...

9.8 CVSS, 5.6 AI score, 0.08852 EPSS
Exploits 2, References 3

CNNVD
added 2022/03/27 12:0 a.m., 2 views

xiaohuanxiong CMS SQL injection vulnerability

xiaohuanxiong is an open source comic CMS by the individual developer guoguo. xiaohuanxiong version 1.0 is vulnerable to SQL injection, which originates from the id parameter in /app/controller/Books.php. No detailed vulnerability details are available...

9.8 CVSS, 5.8 AI score, 0.00941 EPSS
Exploits 1, References 3

BDU FSTEC
added 2022/03/25 12:0 a.m., 6 views

The vulnerability of the Cyrus SASL authentication mechanism lies in the lack of protection for the structure of SQL queries, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Cyrus SASL authentication mechanism lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9.4 CVSS, 7.4 AI score, 0.04123 EPSS
Exploits 0, References 13, Affected Software 6

CNNVD
added 2022/03/24 12:0 a.m., 2 views

Dreamer CMS SQL injection vulnerability

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. Version 4.0.0 of Dreamer CMS has a security vulnerability that originates from the tableName parameter. No detailed vulnerability details are available at this time...

9.8 CVSS, 5.5 AI score, 0.00941 EPSS
Exploits 1, References 2

OSV
added 2022/03/23 8:15 p.m., 2 views

CVE-2021-27472

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...

9.8 CVSS, 6 AI score
Exploits 0, References 2

OSV
added 2022/03/23 8:15 p.m., 3 views

CVE-2021-27468

The AosService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

9.8 CVSS, 7.5 AI score, 0.03358 EPSS
Exploits 0, References 2

CNNVD
added 2022/03/22 12:0 a.m., 3 views

McAfee Epolicy Orchestrator SQL injection vulnerability

McAfee Epolicy Orchestrator (McAfee Epo) is a U.S.-based solution for managing endpoint, network, data security, and compliance. A SQL injection vulnerability exists in versions of McAfee Enterprise ePolicy Orchestrator prior to 5.10 Update 13. The vulnerability stems from the application's lack of...

5.4 CVSS, 5.9 AI score, 0.00743 EPSS
Exploits 0, References 3

CNNVD
added 2022/03/22 12:0 a.m., 5 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A SQL injection...

10 CVSS, 6.1 AI score, 0.01172 EPSS
Exploits 0, References 5

CNNVD
added 2022/03/21 12:0 a.m., 3 views

Simple Subscription Website SQL injection vulnerability

Simple Subscription Website is an open source, web-based simple subscription application by individual developer Carlo Montero. It is used to let a company's prospective members apply for plans that offer certain services. Simple Subscription Website is vulnerable to SQL injection, which can b...

9.8 CVSS, 5.8 AI score, 0.01532 EPSS
Exploits 1, References 2

OSV
added 2022/03/20 4:15 p.m., 3 views

CVE-2021-44345

Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection...

7.5 CVSS, 7.1 AI score
Exploits 0, References 1

CNNVD
added 2022/03/20 12:0 a.m., 3 views

Ltd One Card Integrated Management System SQL injection vulnerability

Ltd One Card Integrated Management System is a one-card integrated management system of Beijing Wisdom Vision Technology Industry Co. Ltd One Card Integrated Management System version V3.0 is vulnerable to SQL injection, which stems from the application's lack of validation of external input SQL...

7.5 CVSS, 6 AI score, 0.01092 EPSS
Exploits 0, References 2

CNNVD
added 2022/03/17 12:0 a.m., 5 views

Attendance and Payroll System SQL injection vulnerability

Attendance and Payroll System is an attendance and payroll system with PHP/MySQLi source code by individual developer oretnom23. Sourcecodester Attendance and Payroll System is vulnerable to SQL injection, which can be exploited by remote attackers to bypass authentication via unprocessed log...

9.8 CVSS, 6 AI score, 0.03328 EPSS
Exploits 1, References 4

OSV
added 2022/03/15 6:15 p.m., 2 views

CVE-2022-25490

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php...

9.8 CVSS, 7.3 AI score, 0.01583 EPSS
Exploits 1, References 1

ATTACKERKB
added 2022/03/15 6:15 p.m., 2 views

CVE-2022-25492

HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php...

9.8 CVSS, 5.7 AI score, 0.01583 EPSS
Exploits 1, References 2

OSV
added 2022/03/15 6:15 p.m., 2 views

CVE-2022-25488

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...

9.8 CVSS, 5.8 AI score, 0.07148 EPSS
Exploits 1, References 1

CNNVD
added 2022/03/15 12:0 a.m., 4 views

HMS SQL injection vulnerability

HMS is a computer- or web-based hospital management system by Kabir Khyrul, an individual developer in Bangladesh. It helps to manage the operations of a hospital or any healthcare organization. A SQL injection vulnerability exists in HMS version 1.0, which allows attackers to perform SQL injection via...

9.8 CVSS, 8.6 AI score, 0.01583 EPSS
Exploits 1, References 2

OSV
added 2022/03/10 5:46 p.m., 4 views

CVE-2022-24606

Luocms v2.0 is affected by SQL Injection in /admin/news/sortok.php...

9.8 CVSS, 7.4 AI score, 0.01137 EPSS
Exploits 1, References 1