6602 matches found
PT-2024-5690 · Unknown · Netcat CMS
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue is related to the implementation of the subscribes delete confirm method in the comments module of the Netcat CMS system, which fails to take measures to protect the SQL query...
PT-2024-5669 · Unknown · Netcat CMS
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue is related to the implementation of the get component fields method in the comments module of the Netcat CMS system, which fails to take measures to protect the SQL query...
CVE-2024-40560
Tmalldemo before v2024.07.03 was discovered to contain a SQL injection vulnerability...
CVE-2024-6743
AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
Employee and Visitor Gate Pass Logging System SQL Injection Vulnerability
Employee and Visitor Gate Pass Logging System is an employee and visitor pass logging system developed by Carlo Montero, an individual developer. An SQL injection vulnerability exists in Employee and Visitor Gate Pass Logging System version 1.0, which stems from a parameter id in the file...
PT-2024-5175 · Unknown · Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0. Description: The issue is related to a lack of protection against SQL query structure exploitation in the templateadd.php file. This allows a remote attacker to execute arbitrary SQL code, gain...
PT-2024-5100 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions = 1.8.0 241. For Apache Linkis versions = 1.5.0, upgrade Linkis to version 1.6.0...
PT-2024-5860 · GLPI +2 · GLPI +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.16. Description: The issue is related to a SQL injection vulnerability in some AJAX scripts of the GLPI software. This vulnerability can be exploited by an authenticated user to alter another user's account data and...
CVE-2024-37870
SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter...
CVE-2024-37323
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...
MegaBIP Security Vulnerabilities
MegaBIP is software for creating BIP websites. A security vulnerability exists in MegaBIP version 5.13 and earlier, which stems from a SQL injection vulnerability in the parameters that allows an unauthorized attacker to disclose database content and obtain an administrator token to modify page...
Kelixun Communication Command and Dispatch Management Platform Security Vulnerability
Kelixun Communication Command and Dispatch Management Platform is a communication command and dispatch management platform from Kelixun, China. A security vulnerability exists in Kelixun Communication Command and Dispatch Management Platform version 7.6.6.439 and prior versions, which...
PT-2024-5453 · Microsoft · SQL Server Native Client OLE DB Provider
Name of the Vulnerable Software and Affected Versions: SQL Server Native Client OLE DB Provider (affected versions not specified). Description: The issue is related to an integer overflow in the SQL Server Native Client OLE DB Provider. Exploitation of this issue may allow a remote attacker to execu...
Billing System security breach
Billing System is a billing system by Angel Jude Suarez, an individual developer. A security vulnerability exists in Billing System version 1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the username parameter...
NHibernate Security Vulnerabilities
NHibernate is a mature, open source object-relational mapper from NHibernate Open Source. A security vulnerability exists in NHibernate. An attacker exploiting this vulnerability can construct SQL queries directly on the user side using the ObjectToSQLString method...
VulnCheck KEV: CVE-2024-31750
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter...
CVE-2024-6452
A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to SQL injection. The attack can be launched remotely...
PT-2024-37625 · Unknown · Hitout Carsale
Name of the Vulnerable Software and Affected Versions: Hitout Carsale version 1.0. Description: A critical issue has been discovered, affecting the OrderController.java file. The manipulation of the orderBy argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For...
The vulnerability of the orderadd.php file in the Tailoring Management System allows a hacker to execute arbitrary SQL code.
The vulnerability in the orderadd.php file of the Tailoring Management System is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code through the customer parameter...
Vanna Code Issue Vulnerability
Vanna is a personalized AI SQL agent from Vanna Inc. Vanna version v0.3.4 has a code issue vulnerability that stems from susceptibility to SQL injection attacks, where an attacker can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the...