850 matches found
Stash 安全漏洞
Stash is an open source self-hosted web application written in Go by stashapp. A security vulnerability exists in Stash version v0.25.1, which stems from an SQL injection vulnerability in the sort parameter...
Projectworlds Online Examination System 安全漏洞
Projectworlds Online Examination System is an online examination system from Projectworlds India. A security vulnerability exists in Projectworlds Online Examination System v1.0, which stems from an SQL injection vulnerability in the subject parameter of the feed.php page...
PT-2024-38492 · Sourcecodester · Sourcecodester Car Driving School Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Car Driving School Management System version 1.0 Description: A critical issue has been discovered, allowing for SQL injection through the manipulation of the id argument in an unknown function of the file view details.php. Thi...
WordPress Slider by 10Web plugin <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter vulnerability
Authenticated Contributor+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Slider by 10Web versions = 1.2.57...
CVE-2024-7498
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been classified as critical. Affected is the function login/login2 of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to...
PT-2024-5584
Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.14 Django versions 5.0 through 5.0.7 Description The issue is related to SQL injection in the QuerySet.values and values list methods on models with a JSONField. This vulnerability can be exploited by passing a...
CVE-2024-7449
A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
PT-2024-38228 · Sourcecodester · Sourcecodester Lot Reservation Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lot Reservation Management System version 1.0 Description: A critical issue was found in the system, affecting the file /admin/ajax.php?action=login. The manipulation of the username argument leads to sql injection. This issue...
Society Management System SQL注入漏洞
Society Management System is itsourcecode open source a society management system. A SQL injection vulnerability exists in Society Management System version 1.0, which stems from an incorrect manipulation of the expensesid parameter that can lead to sql injection...
PT-2024-11629 · Dropbox · Dropbox
Name of the Vulnerable Software and Affected Versions: Dropbox affected versions not specified Description: The issue concerns a SQL injection vulnerability. No specific details about the vulnerability, affected devices, or real-world incidents are provided. Recommendations: At the moment, there ...
PT-2024-38084 · Unknown · Tianchoy/Blog
Name of the Vulnerable Software and Affected Versions: Tianchoy Blog versions up to 1.8.8 Description: A critical issue has been found, affecting an unknown part of the file /so.php. The manipulation of the search argument leads to sql injection. It is possible to initiate the attack remotely. Th...
CVE-2024-39250
EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface...
WordPress ListingPro plugin <= 2.9.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin ListingPro versions = 2.9.4...
VulnCheck KEV: CVE-2024-31750
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter...
CVE-2024-6452
A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely...
The vulnerability of the orderadd.php file in the Tailoring Management System allows a hacker to execute arbitrary SQL code.
The vulnerability of the orderadd.php file in the Tailoring Management System is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code through the customer parameter...
PT-2024-37496 · Unknown · Pear Admin Boot
Name of the Vulnerable Software and Affected Versions: Pear Admin Boot versions up to 2.0.2 Description: A critical vulnerability has been found in Pear Admin Boot, affecting an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection, and it is possible...
PT-2024-37485 · Unknown · Sourcecodester Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Food Ordering System version 1.0 Description: A critical issue was found in the itsourcecode Online Food Ordering System, affecting some unknown functionality of the file /purchase.php. The manipulation of the customer...
OpenCart 安全漏洞
OpenCart is an open source online store management system for creating and managing e-commerce websites. It is known for its user-friendliness and flexibility for online stores of different sizes. OpenCart suffers from an SQL injection vulnerability that stems from the presence of an SQL injectio...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop Channable 3.2.1 and earlier versions, which stems from the presence of...