PT-2021-23640 · Unknown · Sourcecodester Online Learning System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Online Learning System version 2.0 Description: The issue concerns SQL injection authentication bypass in the admin login file /admin/login.php and authenticated file upload in the Master.php file. These vulnerabilities can be...
PT-2021-23074 · Zoho · Zoho Manageengine Network Configuration Manager
Name of the Vulnerable Software and Affected Versions: ManageEngine Network Configuration Manager versions prior to 125465 Description: The issue concerns a SQL Injection vulnerability in the configuration search of ManageEngine Network Configuration Manager. Recommendations: For ManageEngine...
Zoho Corporation Zoho ManageEngine Network Configuration Manager SQL injection vulnerability
Zoho ManageEngine Network Configuration Manager is a network change and configuration management tool for managing the configuration of switches, routers and firewalls. A SQL injection vulnerability exists in the configuration search in Zoho ManageEngine Network Configuration Manager. No details ...
Ivanti Avalanche security vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche that allows a remote attacker to exploit the vulnerability to...
The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite’s time and attendance system allows a perpetrator to execute arbitrary code.
The vulnerability of the txtID parameter in the xp_cmdshell procedure of the BillQuick Web Suite payroll and accounting system is related to errors during the elimination of special elements in SQL queries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
WordPress SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Schreikasten WordPress plugin in version 0.14.18 and...
ServiceTonic Helpdesk Software SQL injection vulnerability
ServiceTonic, an ITIL-compliant service desk and enterprise services software, has a SQL injection vulnerability in the login form in versions prior to ServiceTonic 9.0.35937. An attacker could exploit the vulnerability to steal information via a specially crafted, HQL-compatible, time-series SQL...
CVE-2021-42667
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the SQL query performed. As a result he can extract sensitive data from the web server and in som...
Phpjabbers Fundraising Script SQL injection vulnerability
Phpjabbers Fundraising Script is a simple open source PHP donation script from the Serbian company Phpjabbers. Phpjabbers Fundraising Script version 1.0 has a SQL injection vulnerability that attackers can exploit through the pjActionLoad function...
Ericsson Network Location Mps Gmpc21 command injection vulnerability
Ericsson Network Location Mps Gmpc21 is a network mobile positioning system from Ericsson, Sweden. Ericsson Network Location MPS GMPC21 suffers from a command injection vulnerability that arises from the lack of filtering and escaping of SQL statements in the file name query in the export functio...
Simple Cashiering System SQL injection vulnerability
Simple Cashiering System is a simple open source cashiering system by the individual developer Carlo Montero. It is used to help businesses manage their daily transactions. Simple Cashiering System suffers from an SQL injection vulnerability that stems from a lack of filtering and escaping of...
Sourcecodester Customer Relationship Management System SQL injection vulnerability
Sourcecodester Customer Relationship Management System is an open source PHP project. Sourcecodester Customer Relationship Management System CRM is vulnerable to SQL injection in v1.0, which can be exploited by attackers via the username field in "customer/login.php" to...
Simple Subscription Website SQL injection vulnerability
Simple Subscription Website is a web-based application. SourceCodester Simple Subscription Website 1.0 is vulnerable to SQL injection, which can be exploited by attackers to perform SQL injection via login...
CVE-2021-41676
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php...
Yonyou TurboCrm SQL injection vulnerability
Yonyou TurboCrm is a customer relationship management system from China's UFIDA Network Technology Yonyou. Yonyou TurboCRM.via suffers from a SQL injection vulnerability that allows an attacker to obtain sensitive database information via the orgcode parameter in changepswd.php...
The vulnerability of the idxGetTableInfo function in the command-line component of the embedded SQLite database, which involves reading data beyond the allowed buffer size, allows an attacker to cause a service failure.
The vulnerability of the idxGetTableInfo function in the command-line component of the embedded SQLite database relates to reading data beyond the allowable buffer size. Exploiting this vulnerability could allow a malicious actor to cause service failures by executing a specially crafted SQL quer...
CVE-2020-24932
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the username parameter...
CVE-2021-37371
Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php...
The vulnerability of the Media Streaming add-on, a multimedia file streaming application, and the Multimedia Console console lies in the lack of protection for the SQL query structure. This allows attackers to execute arbitrary SQL queries.
The vulnerability of the Media Streaming add-on, a multimedia file streaming application, and the Multimedia Console console is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remote...