The vulnerability of the multi-site content management system UMI CMS, related to the lack of measures taken to protect the SQL query structure, allows for the execution of arbitrary SQL queries.
The vulnerability of the multi-site content management system UMI CMS is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries through the creation of queries...
ZOHO ManageEngine ADAudit Plus security vulnerability
ZOHO ManageEngine ADAudit Plus is used by ZOHO to simplify auditing, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus version 8003 and prior versions, which arises from vulnerability to authenticated SQL injection attacks in user session...
PT-2024-38492 · Sourcecodester · Sourcecodester Car Driving School Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Car Driving School Management System version 1.0. Description: A critical issue has been discovered, allowing for SQL injection through the manipulation of the id argument in an unknown function of the file view details.php. Thi...
PT-2024-28866 · Unknown · Kashipara Online Exam System
Name of the Vulnerable Software and Affected Versions: Kashipara Online Exam System version 1.0. Description: A SQL injection vulnerability in "/admin/quizquestion.php" allows remote attackers to execute arbitrary SQL commands via the eid parameter. Recommendations: For Kashipara Online Exam Syste...
WordPress Slider by 10Web plugin <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter vulnerability
Authenticated (Contributor+) SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Slider by 10Web versions <= 1.2.57...
The vulnerability of the OLE DB driver for SQL Server, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PT-2024-29316 · Unknown · Kashipara Responsive School Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Responsive School Management System version 1.0. Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the username parameter in the /smsa/student login.php endpoint. This can lead to data theft...
The vulnerability of the OLE DB driver for SQL Server, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to a heap buffer overflow. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
PT-2024-38373 · Avaya · Avaya Aura System Manager
Name of the Vulnerable Software and Affected Versions: Avaya Aura System Manager versions 10.1.x.x through 10.2.x.x; Avaya Aura System Manager versions prior to 10.1. Description: A SQL injection issue was discovered, allowing a command line interface user with administrative privileges to execute...
WordPress plugin Slider by 10Web – Responsive Image Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-33964
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/modusers/index.php'...
CVE-2024-33960
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in...
CVE-2024-7498
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been classified as critical. Affected is the function login/login2 of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to...
The vulnerability of the OLE DB driver for SQL Server, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to a heap buffer overflow. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
PT-2024-5584
Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.14; Django versions 5.0 through 5.0.7. Description: The issue is related to SQL injection in the QuerySet.values() and values_list() methods on models with a JSONField. This vulnerability can be exploited by passing a...
CVE-2024-7449
A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
Computer Laboratory Management System security vulnerability
Computer Laboratory Management System is a computer laboratory management system. A security vulnerability exists in Computer Laboratory Management System version 1.0, which originates from vulnerability to SQL injection attacks...
PT-2024-22383 · Azuresoft · Azuresoft Myhorus
Name of the Vulnerable Software and Affected Versions: AzureSoft MyHorus version 4.3.5. Description: A SQL injection issue allows authenticated users to execute arbitrary SQL commands. Recommendations: For AzureSoft MyHorus version 4.3.5, update to a newer version that contains a fix for this issu...
BM SOFT BMPlanning security vulnerability
BM SOFT BMPlanning is a powerful resource planning tool from the French company BM SOFT. A security vulnerability exists in BM SOFT BMPlanning version 1.0.0.1, which originates from the presence of a SQL injection vulnerability that allows an authenticated user to execute arbitrary SQL commands...
SourceCodester Simple Realtime Quiz System SQL injection vulnerability
SourceCodester Simple Realtime Quiz System is a real-time quiz system from SourceCodester, Inc. A SQL injection vulnerability exists in SourceCodester Simple Realtime Quiz System version 1.0, which stems from an SQL injection vulnerability in the id parameter of the /managequestion.php file...