PT-2024-36833
Name of the Vulnerable Software and Affected Versions: Chanjet Smooth T+ system version 3.5 Description: A critical issue has been found in the system, affecting the processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the KeyID argument leads to SQL injection. The attack can be...
Ivanti Neurons SQL Injection Vulnerability
Ivanti Neurons is a groundbreaking platform from US-based Ivanti that simplifies and automates IT systems. Ivanti Neurons for ITSM suffers from a SQL injection vulnerability in a web component that allows a remote authenticated user to read,...
Ivanti EPM SQL Injection Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
Ivanti EPM Security Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. An SQL injection vulnerability exists in Ivanti EPM 2022 SU5 and prior versions, which can be exploited by an attacker to execute arbitrary code...
Dino Physics School Assistant SQL Injection Vulnerability
Dino Physics School Assistant is an application. A SQL injection vulnerability exists in Dino Physics School Assistant version 2.3, which stems from unrecognized code in /classes/Master.php that causes SQL injection via the parameter id...
PT-2024-40160 · Unknown · Tablelookupwizard
Name of the Vulnerable Software and Affected Versions: tablelookupwizard versions prior to 3.3.5; tablelookupwizard versions prior to 4.0.0. Description: The issue is related to the sanitization of widget values before they are passed to the database, which could lead to an SQL injection possibilit...
The vulnerability of the form_save() function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.
The vulnerability of the form_save() function in the Cacti network monitoring software is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2024-33808
A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33805
A SQL injection vulnerability in /model/getstudent.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33807
A SQL injection vulnerability in /model/getteachertimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter...
Finereport Security Vulnerability
FanRuan Software Finereport is a BI reporting and dashboard software from China-based FanRuan Software. A security vulnerability exists in Finereport version v.8.0, which originates from a SQL injection issue...
PT-2024-25495 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: campcodes Complete Web-Based School Management System version 1.0 Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the id parameter in the "/model/get timetable.php" API endpoint. This could...
Campcodes Complete Web-Based School Management System Security Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the id...
Campcodes Complete Web-Based School Management System Security Vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in the Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the...
CVE-2024-4533
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...
CVE-2024-5384
A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to SQL injection. The attack can be initiated remotely. VDB-266302 is the identifier assigned ...