850 matches found
CVE-2022-28022
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deleteitem...
SQL Injection
blazer allows you to explore your data with SQL. Easily create charts and dashboards, and share them with your team. Affected versions of this package are vulnerable to SQL Injection by allowing specific variable values to modify the query rather than just the variable. This can...
CSZ CMS SQL Injection Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in cszcmsadminUsersviewUsers and can be exploited by attackers to execute illegal SQL...
Student Grading System SQL Injection Vulnerability
Student Grading System is a student grading system by the individual developer Carlo Montero. Student Grading System v1.0 has a security vulnerability that allows an attacker to perform SQL injection via user parameters...
CVE-2021-44088
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters...
CVE-2021-43077
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...
Lansweeper SQL Injection Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. Lansweeper lansweeper EchoAssets.aspx suffers from a SQL injection vulnerability that can be triggered by an attacker making an authenticated...
CVE-2022-25096
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/viewmember.php...
nuclei-templates
This repository is a collection of templates for the nuclei engine, a tool used to find security vulnerabilities in applications. The templates are used to identify potential vulnerabilities and are contributed by both the project's team and the community. The repository contains various template...
MingSoft MCMS Security Vulnerability
Mcms is a complete open source J2EE system from Jiangxi Mingsoft Technology Co. Mcms v5.1 has a SQL injection vulnerability, which can be exploited by attackers to perform SQL injection via /ms/cms/content/list.do...
Unified Office Total Connect Now SQL Injection Vulnerability
Unified Office Total Connect Now is a VoIP solution for small and medium-sized businesses from Unified Office USA. A security vulnerability exists in Unified Office Total Connect Now that stems from a database-based application that lacks validation of externally entered SQL statements. An attack...
CVE-2022-24124
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations...
CSZ CMS SQL Injection Vulnerability
CSZ CMS is a PHP-based open-source content management system (CMS). A SQL injection vulnerability exists in CSZ CMS 1.2.9, which can be exploited by attackers via cszcms/controllers/Member.php...
CVE-2020-28679
A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request...
CVE-2021-25030
The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the searchtext parameter before using it in a SQL statement via the emesearchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call it and perform SQL...
WordPress Plugin SQL Injection Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Ni WooCommerce Custom Order Status plugin, which stems fro...
WordPress SQL Injection Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Modern Events Calendar Lite Plugin is a WordPress open source application plugin. WordPress Modern Events Calendar Lite...
Sophos SG UTM SQL Injection Vulnerability
Sophos SG UTM is a security gateway from Sophos UK. The product is used to protect computer nodes on a local area network. A security vulnerability exists in the user portal prior to SG UTM version 9.708 MR8, through which an authenticated user may be able to execute code...
CVE-2021-26609
A vulnerability was found in the Mangboard WordPress plugin. A SQL injection vulnerability was found in the ordertype parameter. The ordertype parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information...
ZZCMS SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS version 2019 is vulnerable to a SQL injection vulnerability that originates from a missing validation of external input SQL statements in the dlid parameter on the application's /dl/dlprint.php page. An attacker could use...