847 matches found

CNNVD
added 2023/06/23 12:0 a.m. · 5 views

Webkul QloApps SQL injection vulnerability

Webkul QloApps is a free, open-source hotel booking and online reservation system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a SQL injection vulnerability in the GET parameter. An attacker can exploit the vulnerability to bypass the authentication and...

7.5 CVSS · 7.6 AI score · 0.26552 EPSS
Exploits: 1 · References: 2

CNNVD
added 2023/06/16 12:0 a.m. · 3 views

Thinking Software Technology Efence SQL injection vulnerability

Thinking Software Technology Efence is a mobile device management solution from China-based Thinking Software Technology. A SQL injection vulnerability exists in Thinking Software Technology Efence due to a login function that does not validate user-entered parameters...

9.8 CVSS · 8.7 AI score · 0.00384 EPSS
Exploits: 0 · References: 2

OSV
added 2023/06/07 2:15 a.m. · 2 views

CVE-2021-4340

The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listingid’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS · 5.8 AI score
Exploits: 0 · References: 2

ATTACKERKB
added 2023/06/02 8:15 p.m. · 1 view

CVE-2023-33762

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter...

9.8 CVSS · 7.3 AI score · 0.00091 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/05/31 12:0 a.m. · 4 views

PT-2023-12143 · Unknown · Fighting Cock Information System

Name of the Vulnerable Software and Affected Versions: Fighting Cock Information System version 1.0
Description: A SQL Injection issue allows a remote attacker to obtain sensitive information via the 'edit breed.php' parameter.
Recommendations: For Fighting Cock Information System version 1.0,...

7.5 CVSS · 7.9 AI score · 0.00615 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2023/05/30 12:0 a.m. · 4 views

PT-2023-24194 · Xibo · Xibo

Name of the Vulnerable Software and Affected Versions: Xibo versions 1.4.0 through 2.3.16 Xibo versions 2.3.17 is not affected, but versions prior to 3.3.5 are affected, so the correct range is Xibo versions 3.3.0 through 3.3.4
Description: A SQL injection issue was discovered in the...

6.5 CVSS · 6.7 AI score · 0.00561 EPSS
Exploits: 0 · References: 7

CNNVD
added 2023/04/27 12:0 a.m. · 0 views

Pimcore SQL injection vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. A SQL injection vulnerability exists in Pimcore...

8.8 CVSS · 8.2 AI score · 0.00064 EPSS
Exploits: 0 · References: 4

CNNVD
added 2023/04/14 12:0 a.m. · 3 views

Online Voting System SQL injection vulnerability

Campcodes Advanced Online Voting System is an online voting system. The Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter description of the file /admin/positionsadd.ph...

8.8 CVSS · 7.9 AI score · 0.0035 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2023/04/09 12:0 a.m. · 3 views

PT-2023-17375 · Sourcecodester · Sourcecodester Best Online News Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0
Description: A critical issue was found in the file /admin/forgot-password.php, specifically in the POST Parameter Handler component. The manipulation of the username argument leads to SQL...

9.8 CVSS · 8 AI score · 0.00299 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2023/04/07 12:0 a.m. · 2 views

PT-2023-17356 · Sourcecodester · Sourcecodester Simple/Beautiful Shopping Cart System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple and Beautiful Shopping Cart System version 1.0
Description: A critical issue was found in the delete user query.php file, where the manipulation of the user id argument leads to SQL injection. The attack can be initiated...

9.1 CVSS · 7.9 AI score · 0.0027 EPSS
Exploits: 1 · References: 5

CNNVD
added 2023/04/07 12:0 a.m. · 2 views

BP Monitoring Management System SQL injection vulnerability

BP Monitoring Management System is a web-based application by the individual developer PHPGurukul. A SQL injection vulnerability exists in PHPGurukul BP Monitoring Management System version 1.0. The vulnerability stems from a SQL injection vulnerability in the name/mobno parameter...

6.5 CVSS · 5.5 AI score · 0.00272 EPSS
Exploits: 1 · References: 4

CNNVD
added 2023/03/30 12:0 a.m. · 3 views

Young Entrepreneur E-Negosyo System SQL injection vulnerability

Young Entrepreneur E-Negosyo System is a system from the individual developer janobe. A security vulnerability exists in SourceCodester Young Entrepreneur E-Negosyo System version 1.0, which stems from an incorrect manipulation of the parameter UUSERNAME resulting in SQL...

9.8 CVSS · 7.5 AI score · 0.00238 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/03/17 12:0 a.m. · 3 views

Utarit Information Technologies Persolus SQL injection vulnerability

Utarit Information Technologies Persolus is an application from Utarit Information Technologies. A security vulnerability exists in Utarit Information Technologies Persolus versions prior to 2.03.93 that stems from the presence of a SQL injection vulnerability...

9.8 CVSS · 8.5 AI score · 0.0025 EPSS
Exploits: 0 · References: 2

OSV
added 2023/03/09 8:15 a.m. · 2 views

CVE-2023-1251

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

CNNVD
added 2023/02/17 12:0 a.m. · 3 views

Intern Record System SQL injection vulnerability

Intern Record System is an intern record system from the individual developers at Codeprojects. A security vulnerability exists in Intern Record System version 1.0. An attacker can exploit this vulnerability to execute arbitrary code and obtain sensitive information...

9.8 CVSS · 8.9 AI score · 0.05824 EPSS
Exploits: 5 · References: 7

Positive Technologies
added 2023/02/10 12:0 a.m. · 3 views

PT-2023-10256 · Webbuilders · Silverstripe-Kapost-Bridge

Name of the Vulnerable Software and Affected Versions: webbuilders-group silverstripe-kapost-bridge version 0.3.3
Description: A critical issue has been found, affecting the index/getPreview function of the file code/control/KapostService.php. This issue leads to SQL injection and can be launched...

9.8 CVSS · 6.8 AI score · 0.00347 EPSS
Exploits: 0 · References: 10

Positive Technologies
added 2023/01/25 12:0 a.m. · 5 views

PT-2023-15127 · Tuzicms · Tuzicms

Name of the Vulnerable Software and Affected Versions: Tuzicms version 2.0.6
Description: A SQL injection issue was found in the UserController.class.php component, located in AppManageController.
Recommendations: For Tuzicms version 2.0.6, update to a newer version that contains a fix for this...

9.8 CVSS · 8.3 AI score · 0.0025 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-10002 · Unknown · Bricco Authenticator Plugin

Name of the Vulnerable Software and Affected Versions: Bricco Authenticator Plugin versions prior to 1.39
Description: A critical issue was found in the Bricco Authenticator Plugin, affecting the authenticate/compare function of the DBAuthenticator.java file. This issue leads to SQL injection...

9.8 CVSS · 6 AI score · 0.00726 EPSS
Exploits: 0 · References: 8

OSV
added 2023/01/13 8:15 p.m. · 2 views

CVE-2022-46955

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=savequeue...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/13 12:0 a.m. · 2 views

PT-2023-16141 · Sourcecodester · Online Flight Booking Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Flight Booking Management System affected versions not specified
Description: A critical issue has been discovered, affecting the file review search.php, specifically the POST Parameter Handler component. The manipulatio...

9.8 CVSS · 7.9 AI score · 0.00346 EPSS
Exploits: 1 · References: 4