
5710 matches found

CNNVD
added 2021/08/03 12:0 a.m. | 4 views

Centreon SQL injection vulnerability

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring of network, system and application resources. A SQL injection vulnerability exists in Centreon versions prior to 20.04.14, 20.10.8, and 21.04.2. An...

CVSS 8.8 | AI score 8.6 | EPSS 0.29424
Exploits: 1 | References: 2
CNNVD
added 2021/08/02 12:0 a.m. | 5 views

WordPress SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Survey Maker prior to version 1.5.6,...

CVSS 8.8 | AI score 8.1 | EPSS 0.01362
Exploits: 2 | References: 2
CNNVD
added 2021/07/30 12:0 a.m. | 3 views

SourceCodester Phone Shop Sales Managements System SQL injection vulnerability

SourceCodester Phone Shop Sales Managements System is a PHP project by SourceCodester, Inc. to manage phone store sales transactions. SourceCodester Phone Shop Sales Managements System 1.0 has a SQL injection vulnerability that can be exploited by attackers to cause SQL injection...

CVSS 9.8 | AI score 5.9 | EPSS 0.03414
Exploits: 1 | References: 2
CNNVD
added 2021/07/30 12:0 a.m. | 3 views

whatsns SQL injection vulnerability

whatsns is an open source online question and answer system. The system supports cloud storage, image watermark settings, full-text search, on-site behavior monitoring, SMS registration and notification, and other features. A SQL injection vulnerability exists in Whatsns, which originates from th...

CVSS 9.8 | AI score 8.6 | EPSS 0.01395
Exploits: 1 | References: 2
CNNVD
added 2021/07/26 12:0 a.m. | 5 views

NavigateCMS SQL injection vulnerability

Navigate CMS is a powerful and intuitive content management system. A SQL injection vulnerability exists in the childrenorder parameter in structure.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary SQL queries in the backend database...

CVSS 9.8 | AI score 6.1 | EPSS 0.02162
Exploits: 1 | References: 4
CNNVD
added 2021/07/26 12:0 a.m. | 16 views

WordPress SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Woocommerce. The vulnerability stems from a lack o...

CVSS 4.9 | AI score 5.7 | EPSS 0.01265
Exploits: 2 | References: 4
CNNVD
added 2021/07/26 12:0 a.m. | 12 views

WordPress SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WooCommerce Blocks plugin is a WordPress open source application plugin. WooCommerce Blocks feature plugin version...

CVSS 7.5 | AI score 6.1 | EPSS 0.17227
Exploits: 2 | References: 6
OSV
added 2021/07/24 11:3 a.m. | 3 views

OESA-2021-1274 python-sqlalchemy security update

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that users can choose to work as automatically or as manually, determining relationships based on foreign keys or to bridge the gap between database...

CVSS 7.8 | AI score 8 | EPSS 0.01777
Exploits: 1 | References: 2
CNNVD
added 2021/07/22 12:0 a.m. | 4 views

CASAP Automated Enrollment SQL injection vulnerability

CASAP Automated Enrollment is an automated enrollment system for the CASAP organization in the United States. The purpose of the project is to provide CASAP with an automated enrollment system to streamline the school process and make it more effective, efficient and easy to retrieve...

CVSS 9.8 | AI score 6.3 | EPSS 0.01476
Exploits: 1 | References: 2
CNNVD
added 2021/07/22 12:0 a.m. | 5 views

PHPGurukul Student Record System SQL injection vulnerability

PHPGurukul Student Record System is an application that is vulnerable to SQL injection. The vulnerability stems from a lack of validation of external input SQL statements in the cid parameter of edit-course.php, which can be exploited by remote attackers to execute arbitrary SQL...

CVSS 8.8 | AI score 6.3 | EPSS 0.02265
Exploits: 1 | References: 4
CNNVD
added 2021/07/22 12:0 a.m. | 3 views

Sourcecodester Simple College Website SQL injection vulnerability

Sourcecodester Simple College Website is a Sourcecodester open source application. A content management system. SourceCodester Simple College Website v 1.0 is vulnerable to SQL injection, which can be exploited by remote attackers to execute arbitrary SQL statements against news.php via the id...

CVSS 9.8 | AI score 6.3 | EPSS 0.02705
Exploits: 1 | References: 2
CNNVD
added 2021/07/22 12:0 a.m. | 4 views

SourceCodester E-Commerce Website SQL injection vulnerability

SourceCodester E-Commerce Website is a software application. A PHP e-commerce website project for bookstores. A SQL injection vulnerability exists in SourceCodester E-Commerce Website version V1.0, which originates from a lack of validation of the update parameter of empViewUpdate.php against an...

CVSS 9.8 | AI score 6.4 | EPSS 0.01476
Exploits: 1 | References: 2
CNNVD
added 2021/07/20 12:0 a.m. | 5 views

Teachers Record Management System SQL injection vulnerability

Teachers Record Management System is an open source Teachers Record Management System. A security vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to bypass authentication by executing arbitrary SQL commands...

CVSS 9.8 | AI score 8.8 | EPSS 0.02899
Exploits: 1 | References: 3
CNNVD
added 2021/07/13 12:0 a.m. | 3 views

ShareCare SQL injection vulnerability

ShareCare is a clinical and financial software system from Echo Group. An SQL injection vulnerability exists in Echo ShareCare version 8.15.5 that stems from not performing authentication or authorization checks when accessing a subset of sensitive resources, which could allow an unauthenticated...

CVSS 9.8 | AI score 8.5 | EPSS 0.01076
Exploits: 0 | References: 1
CNNVD
added 2021/07/13 12:0 a.m. | 4 views

ShareCare SQL injection vulnerability

ShareCare is a clinical and financial software system of Echo Group. Echo ShareCare suffers from an SQL injection vulnerability that stems from ShareCare's susceptibility to SQL injection vulnerabilities when processing remote input from arbitrary users...

CVSS 9.8 | AI score 8.7 | EPSS 0.0119
Exploits: 0 | References: 1
CNNVD
added 2021/07/12 12:0 a.m. | 5 views

WordPress plugin SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. The WordPress plugin suffers from a code injection...

CVSS 9.8 | AI score 6.1 | EPSS 0.46921
Exploits: 2 | References: 3
CNNVD
added 2021/07/08 12:0 a.m. | 4 views

Aruba ClearPass Policy Manager SQL injection vulnerability

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager has a security vulnerability that could allow a remote attacker to perform a SQL injection attack on a ClearPass instance...

CVSS 8.8 | AI score 5.8 | EPSS 0.01148
Exploits: 0 | References: 2
CNNVD
added 2021/07/08 12:0 a.m. | 4 views

IBM InfoSphere Information Server SQL injection vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a security vulnerability that can be exploited by an attacker to view...

CVSS 8.8 | AI score 5.7 | EPSS 0.00968
Exploits: 0 | References: 5
BDU FSTEC
added 2021/07/06 12:0 a.m. | 5 views

The vulnerability in the “main/inc/ajax/model.ajax.php” file of the Chamilo e-learning and content management system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the main/inc/ajax/model.ajax.php file of the Chamilo e-learning and content management system relates to the lack of protection for SQL query structures. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of t...

CVSS 10 | AI score 7.9 | EPSS 0.15576
Exploits: 1 | References: 3 | Affected Software: 1
Snyk
added 2021/07/02 3:0 p.m. | 3 views

SQL Injection

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to SQL Injection due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to injec...

CVSS 9.8 | AI score 6.1
Exploits: 0 | References: 2