SourceCodester Point of Sales and Inventory Management System SQL Injection Vulnerability
SourceCodester Point of Sales and Inventory Management System is a point of sale and inventory management system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Point of Sales and Inventory Management System version 1.0, which originates from a SQL injection...
PT-2024-30024 · Erp · Erp
Name of the Vulnerable Software and Affected Versions: ERP, affected versions not specified. Description: A SQL injection vulnerability was discovered in ERP commit 44bd04. The issue is related to the id parameter at the "/index.php/basedata/inventory/delete?action=delete" endpoint. This allows for...
School-Management-System Security Vulnerability
School-Management-System is a school management system by the individual developer Jyothi Babu Araja. A security vulnerability exists in School-Management-System due to an SQL injection vulnerability in the medium parameter of the dtmarks.php page...
SourceCodester Clinics Patient Management System SQL Injection Vulnerability
SourceCodester Clinics Patient Management System is a clinic patient management system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Clinics Patient Management System version 1.0, which stems from an incorrect operation of the parameter medicineid that can lead ...
The vulnerability of the QuerySet.values() and values_list() methods of the Django web application’s JSONField model allows an attacker to execute arbitrary code.
The vulnerability of the QuerySet.values() and values_list() methods of the Django web application’s JSONField model is related to the lack of security measures for handling SQL queries. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted SQL query...
CVE-2024-43145
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode Ltd GeoDirectory. This issue affects GeoDirectory: from n/a through 2.3.61...
WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Plugin Tutor LMS versions <= 2.7.2...
CVE-2024-7798
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=login2. The manipulation of the argument username lead...
PT-2024-24467 · Stash · Stash
Name of the Vulnerable Software and Affected Versions: Stash versions up to 0.25.1. Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sort parameter. Recommendations: For versions up to 0.25.1, as a temporary workaround, consider...
PT-2024-5850 · Aveva · Aveva Historian Server
Name of the Vulnerable Software and Affected Versions: AVEVA Historian Server, affected versions not specified. Description: The issue is related to the lack of protection against malicious SQL commands. If exploited, it could allow a remote attacker to execute arbitrary code under the privileges o...
Stash Security Vulnerability
Stash is an open source self-hosted web application written in Go by stashapp. A security vulnerability exists in Stash version v0.25.1, which stems from an SQL injection vulnerability in the sort parameter...
Projectworlds Online Examination System Security Vulnerability
Projectworlds Online Examination System is an online examination system from Projectworlds India. A security vulnerability exists in Projectworlds Online Examination System v1.0, which stems from an SQL injection vulnerability in the subject parameter of the feed.php page...
Simple Online Bidding System SQL Injection Vulnerability
Simple Online Bidding System is an online bidding system by individual developer oretnom23. A SQL injection vulnerability exists in Simple Online Bidding System version 1.0, which stems from an incorrect manipulation of the parameter username that can lead to SQL injection...
SECOM Dr.ID Access Control System SQL Injection Vulnerability
SECOM Dr.ID Access Control System is an access control system of China Zhongbao SECOM Corporation. A SQL injection vulnerability exists in SECOM Dr.ID Access Control System versions prior to 3.5.0.0.0.5, which stems from the presence of specific page parameters that are not properly validated,...
IBM Db2 Injection Vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an injection vulnerability that can be exploited by an authenticated attacker to...
Vehicle Management System SQL Injection Vulnerability
Vehicle Management System is a vehicle management system by Warren Daloyan, an individual developer. A SQL injection vulnerability exists in Vehicle Management System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to SQL injection...
The vulnerability of the software for automation of support and control of hardware and software systems from SysAid lies in the lack of measures taken to protect the SQL query structure, allowing attackers to carry out attacks based on SQL injections.
The vulnerability of the software used for automating support and control of hardware and software systems from SysAid is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...
CVE-2024-7750
A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /medicines.php. The manipulation of the argument medicinename leads to SQL injection. The attack can be launche...
SourceCodester Accounts Manager App SQL Injection Vulnerability
SourceCodester Accounts Manager App is a web-based application from SourceCodester, Inc. It is designed to manage online accounts efficiently and securely. A SQL injection vulnerability exists in SourceCodester Accounts Manager App version 1.0, which stems from the parameter account in the file...
The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the “fields” parameter on the Pangeo Radar platform’s separate data storage and management system is related to the lack of measures taken to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queri...