PT-2023-27044 · Unknown · Uplight Cookiebanner

Name of the Vulnerable Software and Affected Versions: UpLight cookiebanner versions prior to 1.5.1 Description: The issue is related to a SQL injection vulnerability via the component Hook::getHookModuleExecList. This vulnerability was discovered in UpLight cookiebanner. Recommendations: For...

CVE-2023-42660

In Progress MOVEit Transfer versions released before 2021.1.8 13.1.8, 2022.0.8 14.0.8, 2022.1.9 14.1.9, 2023.0.6 15.0.6, a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit...

HotelDruid SQL Injection Vulnerability

Hoteldruid is a free and open source hotel management program from Hoteldruid. A security vulnerability exists in HotelDruid version v3.0.5, which stems from a SQL injection vulnerability in the parameter nutenteagg...

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere 11.10 and earlier versions, which stems from a SQL injection vulnerability in the parameter PLANID...

OpenRapid RapidCMS SQL Injection Vulnerability

OpenRapid RapidCMS is OpenRapid open source a fast and easy to use CMS system. OpenRapid RapidCMS version 1.3.1 SQL injection vulnerability , the vulnerability stems from the file /admin/article/article-add.php SQL injection vulnerability...

CVE-2023-4832

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072...

Exploit for SQL Injection in Simple_Online_Piggery_Management_System_Project Simple_Online_Piggery_Management_System

Online Piggery Farm Management Syst...

CVE-2023-39654

abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.searchtosymboldict...

CVE-2023-40771

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

PT-2023-9132 · Synology · Video Station

Name of the Vulnerable Software and Affected Versions: Video Station versions prior to 5.7.2 Description: A SQL injection issue affects Video Station, related to a lack of protection against SQL query structure attacks. This could allow a remote attacker to execute arbitrary code by injecting...

CVE-2023-23563

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection...

Maid Hiring Management System Cross-Site Scripting Vulnerability

PHPGurukul Maid Hiring Management System is a maid hiring management system from PHPGurukul, Inc. A security vulnerability exists in Maid Hiring Management System v1.0, which originates from a SQL injection vulnerability in the Search Maid page...

CVE-2023-4200

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file productdata.php.. The manipulation of the argument columns1data leads to sql injection. The attack can be initiated remotely. The exploi...

CVE-2023-37647

SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /AntSuxin.php...

Hospital Management System SQL注入漏洞

Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. A SQL injection vulnerability exists in Hospital Management System version 1.0, which stems from the presence of an unknown function i...

Bylancer QuickJob SQL注入漏洞

Bylancer QuickJob is an advanced Job Board PHP script from Bylancer. A SQL injection vulnerability exists in Bylancer QuickJob version 6.1, which stems from the presence of an unknown function in the component GET Parameter Handler, which leads to sql injection via the parameters keywords/gender...

CVE-2023-37628

Online Piggery Management System 1.0 is vulnerable to SQL Injection...

Best pos management system SQL注入漏洞

Best pos management system is a best pos management system by Mayuri K. Individual developer. A SQL injection vulnerability exists in Best POS Management System version 1.0, which stems from the parameter username in the file adminclass.php that can lead to sql injection...

DOOR Property Cloud Platform Management Center SQL注入漏洞

DOOR Property Cloud Platform Management Center is a property cloud platform management center of China DOOR Corporation. A security vulnerability exists in DOOR Property Cloud Platform Management Center version 1.0, which originates from an SQL injection vulnerability...

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input data during the generation of web pages, as well as the improper neutralization of special elements used in SQL commands. This allows attackers to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI application’s request and incident handling system lies in the insufficient cleaning of user data at the final inventory registration stage. A user who has not undergone identity verification can send specially created requests to the vulnerable application and execu...