850 matches found

Positive Technologies
added 2024/10/31 12:0 a.m. · 2 views

PT-2024-16413 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10
Description: A critical vulnerability was found in Tongda OA, affecting the file /pda/workflow/check seal.php. The manipulation of the ID argument leads to SQL injection. The attack can be initiated remotely...

CVSS 9.8 · AI score 7.1 · EPSS 0.00543
Exploits: 1 · References: 10

Snyk
added 2024/10/29 3:32 p.m. · 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection through the GraphCypherQAChain class. An attacker can manipulate, delete, or create data, disrupt services, and compromise database integrity by injecting malicious SQL commands into prompts. Note: This vulnerability impac...

CVSS 9.8 · AI score 8 · EPSS 0.13803
Exploits: 2 · References: 2

CNNVD
added 2024/10/29 12:0 a.m. · 2 views

LangChain.js SQL injection vulnerability

LangChain.js is a framework for building context-aware reasoning applications, open-sourced by LangChain. A SQL injection vulnerability exists in LangChain.js version 0.2.5 and earlier. It stems from allowing on-the-fly injection, which leads to SQL injection and allows an attacker to create, update, or dele...

CVSS 9.8 · AI score 5.8 · EPSS 0.0031
Exploits: 1 · References: 2

CNNVD
added 2024/10/28 12:0 a.m. · 2 views

Codezips Hospital Appointment System SQL injection vulnerability

Codezips Hospital Appointment System is an open source hospital appointment system from Codezips. Codezips Hospital Appointment System version 1.0 suffers from a SQL injection vulnerability that originates from the parameter Username in the file /loginAction.php that can lead to SQL injection...

CVSS 9.8 · AI score 7.8 · EPSS 0.01369
Exploits: 1 · References: 4

CNNVD
added 2024/10/25 12:0 a.m. · 3 views

FunAdmin security vulnerability

FunAdmin is an open source, lightweight, high-color backend development system based on ThinkPHP6 + Layui. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in the parentField parameter of the index...

CVSS 9.8 · AI score 7.7 · EPSS 0.00472
Exploits: 1 · References: 1

OSV
added 2024/10/24 11:15 p.m. · 6 views

CVE-2024-10350

A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to SQL injection. The attack can be initiated remotely. The exploi...

CVSS 9.8 · AI score 5.8 · EPSS 0.00545
Exploits: 1 · References: 5

Positive Technologies
added 2024/10/19 12:0 a.m. · 2 views

PT-2024-16069 · Unknown · Phpgurukul Boat Booking System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Boat Booking System version 1.0
Description: A critical issue has been found in the Sign In Page component of the PHPGurukul Boat Booking System, specifically in the /admin/index.php file. The manipulation of the username argument...

CVSS 9.8 · AI score 7.8 · EPSS 0.00649
Exploits: 1 · References: 11

Positive Technologies
added 2024/10/19 12:0 a.m. · 1 view

PT-2024-16080 · Unknown · Codezips Sales Management System

Name of the Vulnerable Software and Affected Versions: Codezips Sales Management System version 1.0
Description: A critical vulnerability has been found in the Codezips Sales Management System. This issue affects an unknown part of the file deletecustind.php. The manipulation of the argument id...

CVSS 9.8 · AI score 7.8 · EPSS 0.00628
Exploits: 1 · References: 10

CNNVD
added 2024/10/17 12:0 a.m. · 3 views

EsafeNet CDG SQL injection vulnerability

EsafeNet CDG is a document security management system from EsafeNet. EsafeNet CDG V5 version has a SQL injection vulnerability, which originates from the parameter id of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java, which can lead to SQL injection...

CVSS 8.8 · AI score 6.9 · EPSS 0.00526
Exploits: 1 · References: 5

VulnCheck KEV
added 2024/10/15 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-8877

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05...

CVSS 9.8 · AI score 5.9 · EPSS 0.77307
Exploits: 2 · References: 1

CNNVD
added 2024/10/15 12:0 a.m. · 1 view

TAI Smart Factory QPLANT SF SQL injection vulnerability

TAI Smart Factory QPLANT SF is a tool for managing and controlling production execution from TAI Smart Factory, Inc. A SQL injection vulnerability exists in TAI Smart Factory QPLANT SF version 1.0, which originates from allowing a remote attacker to retrieve all database information by sending a...

CVSS 9.8 · AI score 7.8 · EPSS 0.00524
Exploits: 0 · References: 2

Positive Technologies
added 2024/10/13 12:0 a.m. · 6 views

PT-2024-38074 · Netease Youdao · Qanything

Name of the Vulnerable Software and Affected Versions: netease-youdao/qanything version 1.4.1
Description: The issue concerns a SQL injection vulnerability where unsafe data obtained from user input is concatenated in SQL queries. This affects functions including get knowledge base name, from...

CVSS 9.8 · AI score 10 · EPSS 0.00608
Exploits: 1 · References: 11

CNNVD
added 2024/09/29 12:0 a.m. · 3 views

Advocate Office Management System SQL injection vulnerability

Advocate Office Management System is an office management system by the individual developer Mayuri K. A SQL injection vulnerability exists in Advocate Office Management System version 1.0, which originates from an SQL injection vulnerability in the id parameter of the /control/editclient.php page...

CVSS 9.8 · AI score 7 · EPSS 0.00595
Exploits: 1 · References: 6

Positive Technologies
added 2024/09/27 12:0 a.m. · 3 views

PT-2024-39549 · Unknown · Dingfanzu Cms

Name of the Vulnerable Software and Affected Versions: dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c
Description: A critical issue has been found in the software, affecting some unknown functionality of the file saveNewPwd.php. The manipulation of the username argument leads to sql...

CVSS 6.5 · AI score 7.5 · EPSS 0.00311
Exploits: 0 · References: 7

Positive Technologies
added 2024/09/21 12:0 a.m. · 5 views

PT-2024-39412 · Unknown · Code-Projects Student Record System

Name of the Vulnerable Software and Affected Versions: code-projects Student Record System version 1.0
Description: A critical issue has been found in the code-projects Student Record System, affecting unknown code in the file /course.php. The manipulation of the coursename argument leads to SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.007
Exploits: 1 · References: 15

Positive Technologies
added 2024/09/19 12:0 a.m. · 7 views

PT-2024-39363 · Unknown · Sourcecodester Best Online News Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0
Description: A critical vulnerability was found in the Comment Section of the SourceCodester Best Online News Portal. The issue affects unknown code in the file /news-details.php. The...

CVSS 9.8 · AI score 8.3 · EPSS 0.00616
Exploits: 1 · References: 11

CNNVD
added 2024/09/12 12:0 a.m. · 2 views

ORDAT FOSS-Online security vulnerability

ORDAT FOSS-Online is an enterprise resource management solution from ORDAT. A security vulnerability exists in ORDAT FOSS-Online versions prior to 2.24.01, which stems from the Forgot Password feature containing a SQL injection vulnerability...

CVSS 9.3 · AI score 7.7 · EPSS 0.00519
Exploits: 1 · References: 4

CNNVD
added 2024/09/05 12:0 a.m. · 2 views

PHPGurukul Job Portal SQL injection vulnerability

PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A SQL injection vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the search parameter in /jobportal/index.php...

CVSS 9.8 · AI score 8 · EPSS 0.00464
Exploits: 0 · References: 2

Positive Technologies
added 2024/08/23 12:0 a.m. · 3 views

PT-2024-5844 · Centreon · Centreon Web

Name of the Vulnerable Software and Affected Versions: Centreon Web versions 22.10.0 through 22.10.22; Centreon Web versions 23.04.0 through 23.04.18; Centreon Web versions 23.10.0 through 23.10.12; Centreon Web versions 24.04.0 through 24.04.2
Description: A SQL Injection vulnerability exists in th...

CVSS 9.4 · AI score 9 · EPSS 0.00488
Exploits: 0 · References: 15

CNNVD
added 2024/08/20 12:0 a.m. · 4 views

itsourcecode Project Expense Monitoring System SQL injection vulnerability

Project Expense Monitoring System is an open source project expense monitoring system from itsourcecode. A SQL injection vulnerability exists in itsourcecode Project Expense Monitoring System version 1.0, which originates from a SQL injection vulnerability in the transferid parameter of the...

CVSS 9.8 · AI score 7 · EPSS 0.00612
Exploits: 1 · References: 5