SURYA SOFTWARE SYSTEMS Online Shopping System SQL Injection Vulnerability
SURYA SOFTWARE SYSTEMS Online Shopping System is an online shopping system from SURYA SOFTWARE SYSTEMS. A SQL injection vulnerability exists in SURYA SOFTWARE SYSTEMS Online Shopping System version 1.0, which stems from an incorrect manipulation of the parameter password that can lead to sql...
Netentsec NS-ASG Application Security Gateway SQL Injection Vulnerability
Netentsec NS-ASG Application Security Gateway is an application security gateway from China Netentsec. A SQL injection vulnerability exists in Netentsec NS-ASG Application Security Gateway version 6.3, which stems from an incorrect operation of the parameter GroupId that can lead to SQL injection...
The vulnerability of the Ultimate Member plugin for the WordPress content management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the Ultimate Member plugin for the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
SEMCMS Security Breach
SEMCMS is a multilingual content management system (CMS) for foreign trade websites. A security vulnerability exists in SEMCMS v.4.8, which originates from an SQL injection vulnerability. The vulnerability can be exploited to execute arbitrary code and obtain sensitive information via the...
PT-2024-20897 · Unknown · Phpgurukul Zoo Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Zoo Management System version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the editid parameter in the /zms/admin/changeimage.php API endpoint. This enables attackers to potentially extract or modif...
PT-2024-20550 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4; Apache Superset versions 3.1.0 through 3.1.0. Description: A guest user could exploit a chart data REST API and send arbitrary SQL statements that, on error, could leak information from the underlying...
PT-2024-21193 · Miniorange · Miniorange Malware Scanner
Name of the Vulnerable Software and Affected Versions: miniorange Malware Scanner versions through 4.7.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation by injecting...
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the server’s database.
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the server’s...
CVE-2024-1924
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to SQL injection. It is possible to initiate the attack remotely...
Scholars Tracking System Security Vulnerability
Scholars Tracking System is a scholars tracking system by the individual developer Fabian Ros. A SQL injection vulnerability exists in Scholars Tracking System version 1.0, which stems from a lack of validation of externally entered SQL statements when updating employment status information, and...
Kashipara Dynamic Lab Management System SQL Injection Vulnerability
Kashipara Dynamic Lab Management System is a dynamic lab management system from Kashipara. A SQL injection vulnerability exists in Kashipara Dynamic Lab Management System version V1.0, which originates from a vulnerability that could allow a remote attacker to execute arbitrary code via specially...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A SQL injection vulnerability exists in Free and Open Source Inventory Management System version 1.0, which stems from an incorrect operation of the parameter customer that can lead to an SQL injectio...
Likeshop Security Breach
Likeshop is a complete solution for social commerce strategies from Likeshop Open Source. A security vulnerability exists in Likeshop versions prior to 2.5.7 that stems from the presence of a SQL injection vulnerability that allows attackers to run arbitrary SQL commands via the...
CVE-2024-25247
SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters...
The vulnerability of the SQL component of the Java framework Apache Camel, which allows a hacker to execute arbitrary code.
The vulnerability of the SQL component of the Java framework Apache Camel is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL
A flaw was found in PostgreSQL. A late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL can allow an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling a safe refre...
CVE-2023-51828
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in getnextnotice function...
ChurchCRM Security Breach
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version 5.5.0, which stems from a SQL blind time-based vulnerability in the familyId GET parameter of the ConfirmReport.php page...
The vulnerability of the software for network monitoring and management of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the software for network monitoring and management of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-5155
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8...