6602 matches found
Oracle EMS SQL Manager Security Vulnerability
Oracle EMS SQL Manager is a database management tool from Oracle Corporation USA. A security vulnerability exists in Oracle EMS SQL Manager version 3.6.2 that originates from allowing DLL hijacking, which allows users to trigger arbitrary code execution...
PT-2024-24229
Name of the Vulnerable Software and Affected Versions: Ecommerce-CodeIgniter-Bootstrap version d22b54e8915f167a135046ceb857caaf8479c4da Description: The issue allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders model.php component. This is ...
PT-2024-30030 · Bluenet Technology · Bluenet Technology Clinical Browsing System
Name of the Vulnerable Software and Affected Versions: BlueNet Technology Clinical Browsing System version 1.2.1 Description: A critical issue has been found, affecting an unknown part of the file /xds/deleteStudy.php. The manipulation of the documentUniqueId argument leads to SQL injection. It i...
VulnCheck KEV: CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...
A vulnerability in the user interface of the SolarWinds Platform network monitoring and IT infrastructure management software allows an attacker to execute arbitrary code.
The vulnerability in the user interface of SolarWinds software for network monitoring and IT infrastructure management stems from a lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PuneethReddyHC Event Management Security Vulnerability
PuneethReddyHC Event Management is an application by individual developer Puneeth Reddy H C. It helps users register for events organized in university festivals with simple logic and security. A security vulnerability exists in PuneethReddyHC Event Management version 1.0, which stems from the...
Employee Task Management System SQL Injection Vulnerability
Employee Task Management System is an employee task management system developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Employee Task Management System v1.0, which is vulnerable to SQL injection via admin-manage-user.php...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
Computer Laboratory Management System Security Vulnerability
Computer Laboratory Management System is a computer laboratory management system. A security vulnerability exists in Computer Laboratory Management System v1.0, which originates from a SQL injection vulnerability in the parameter id of the component /admin/...
A vulnerability in the Grafana module of the Pandora FMS monitoring and IT environment management system allows an attacker to gain unauthorized access to protected information and execute arbitrary SQL code.
The vulnerability in the Grafana module of the monitoring and management system for IT environments developed by Pandora FMS stems from a lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized...
LibreNMS Security Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments and automatic updates. A security vulnerability exists in LibreNMS versions prior to 24.4.0, which stems from a...
VulnCheck KEV: CVE-2019-9762
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication...
PT-2024-23698 · Unknown · Autoexpress
Name of the Vulnerable Software and Affected Versions: autoexpress version 1.3.0 Description: The issue allows attackers to run arbitrary SQL commands via the carId parameter, potentially leading to unauthorized data access or modification. Recommendations: For autoexpress version 1.3.0, avoid...
CVE-2024-30923
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering...
CVE-2024-30985
SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters...
PT-2024-11749 · WordPress · Js Help Desk
Name of the Vulnerable Software and Affected Versions: JS Help Desk – Best Help Desk & Support Plugin versions through 2.7.1 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for...
Student Record System manage-courses.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the del parameter of the file /manage-courses.php?del=1. An attacker can exploit this vulnerability t...
Small CRM Registration Page SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements on the registration page. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
A vulnerability in the Dell Unity Operating Environment (OE), the operating environment for managing and maintaining Dell Unity storage systems, stems from a lack of protection for SQL query structures and allows attackers to disclose protected information.
The vulnerability in the Dell Unity Operating Environment (OE) for managing and maintaining Dell Unity storage systems stems from a lack of protection for SQL query structures. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
WordPress Shopping Cart & eCommerce Store plugin <= 5.6.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated (Contributor+) SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin WP EasyCart versions <= 5.6.3...