6602 matches found
CVE-2024-8191
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution...
CVE-2024-37966
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability...
PT-2024-13438 · Undefined · Undefined
SageCRM Directory Traversal, SQL Injection and Server-Side Request Forgery CVEs: CVE-2023-47300, CVE-2023-47301, CVE-2023-47302, CVE-2023-47303 https://t.co/HSou9Momct...
AutoCMS security vulnerability
AutoCMS is a content management system (CMS) from AutoCMS Open Source. It can help dealerships manage their website content, online advertising, social media and analytics. AutoCMS version 5.4 suffers from a SQL injection vulnerability that originates from the lack of validation of externally enter...
WordPress plugin TrueBooker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-8523
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
PT-2024-39107 · Unknown · Itsourcecode Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Itsourcecode Tailoring Management System version 1.0 Description: A critical issue was found in the Itsourcecode Tailoring Management System, affecting some unknown functionality of the file /inccatadd.php. The manipulation of the title...
The vulnerability of the Timeperiod component of the Centreon IT infrastructure monitoring software’s web interface allows a hacker to execute arbitrary SQL commands.
The vulnerability of the Timeperiod component of the Centreon IT infrastructure monitoring software’s web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the Downtime web interface component of the Centreon IT infrastructure monitoring software allows a hacker to execute arbitrary SQL queries.
The vulnerability of the Downtime web interface component of the Centreon IT infrastructure monitoring software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
PHPGurukul Job Portal SQL injection vulnerability
PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A SQL injection vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the search parameter in /jobportal/index.php...
CVE-2024-45174
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...
PT-2024-38062
Name of the Vulnerable Software and Affected Versions: Semtek Sempos versions through 31072024 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which affects Semtek Sempos. This vulnerability is due to the improper neutralization of special...
Huachu Digital Easytest Online Test Platform security vulnerability
Huachu Digital Easytest Online Test Platform is an online test platform from Huachu Digital. A security vulnerability exists in Huachu Digital Easytest Online Test Platform version ver.24E01 and prior versions, which originates from an SQL injection vulnerability in the search course titles metho...
The vulnerability in the AVEVA (Wonderware) Historian web server’s data archiving mechanism involves a lack of protection for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of AVEVA Wonderware Historian’s data archiving server is related to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, provided that the user specifically visits a specially crafted U...
PT-2024-37957
Name of the Vulnerable Software and Affected Versions: NACPremium versions through 01082024 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for Blind SQL Injection, which can...
Exploit for SQL Injection in Ultimatemember Ultimate_Member
This is a PoC exploit for CVE-2024-1071, a SQL injection vulnera...
ZOHO ManageEngine Exchange Reporter Plus SQL injection vulnerability
ZOHO ManageEngine Exchange Reporter Plus is a Web-based Exchange Server reporting software from ZOHO, Inc. A SQL injection vulnerability exists in ZOHO ManageEngine Exchange Reporter Plus versions prior to 5715, which stems from susceptibility to SQL injection attacks...
CVE-2024-6671
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password...
postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
A vulnerability was found in PostgreSQL. A race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser...
WordPress plugin WBW Product Table PRO SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...