PT-2023-30965 · Unknown · Senayan Library Management Systems (Slims) 9 Bulian
Name of the Vulnerable Software and Affected Versions: Senayan Library Management Systems Slims 9 Bulian version 9.6.1 Description: The issue concerns a SQL Injection vulnerability. It can be exploited via the admin/modules/reporting/customs/fines report.php endpoint. Recommendations: For version...
VulnCheck KEV: CVE-2022-0846
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
PT-2023-14616 · Apache · Apache Cocoon
Name of the Vulnerable Software and Affected Versions: Apache Cocoon versions 2.2.0 through 2.2.x before 2.3.0 Apache Cocoon versions prior to 2.3.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. Users...
Virtuoso Open-Source Edition Security Vulnerabilities
Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment and HTTP application server platform open-sourced by OpenLink Software. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.11, which ste...
The vulnerability of the Apache Submarine machine learning platform, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.
The vulnerability of the Apache Submarine machine learning platform relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
Free and Open Source Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by stemword individual developers. A SQL injection vulnerability exists in Free and Open Source Inventory Management System version 1.0, which stems from an incorrect manipulation of the columns parameter that can lead to SQL injection...
The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server lies in the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.
The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server relates to the lack of protective measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorize...
PT-2023-25525
Name of the Vulnerable Software and Affected Versions: Medart Notification Panel versions through 20231123 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The vendor...
CVE-2023-5047 SQLi in DRDrive
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006...
Veon Computer Service Tracking Software SQL Injection Vulnerability
Veon Computer Service Tracking Software is a computer service tracking software from Veon. Veon Computer Service Tracking Software 20231122 and prior versions are vulnerable to a SQL injection vulnerability that stems from the presence of a SQL injection vulnerability...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop Cross Selling in Modal Cart versions prior to 3.5.0. An attacker...
PrestaShop Chronopost Official Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts, and product image zoom, among other features. A security vulnerability exists in PrestaShop Chronopost Official. An attacker can exploit...
PT-2023-22033 · Unknown · Veon Computer Service Tracking
Name of the Vulnerable Software and Affected Versions: Veon Computer Service Tracking Software versions prior to 2.0 Veon Computer Service Tracking Software versions through 20231122 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special...
The vulnerability of the DELETE_STR script (General/system/censor_words/module/delete.php) in the Tongda OA automation tool allows a hacker to execute arbitrary SQL queries.
The vulnerability of the delete.php script General/system/censor_words/module/delete.php, a tool for automating business processes in Tongda OA, is related to the failure to protect the SQL query structure during the processing of the DELETE_STR parameter. Exploiting this vulnerability allows an...
LuxSoft LuxCal Web Calendar Security Vulnerability
LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.2.4M and prior to 5.2.4L, which stems from the presence of a SQL injection vulnerability. An attack...
PT-2023-29543 · Prestashop · Product Catalog (Csv
Name of the Vulnerable Software and Affected Versions: PrestaShop module "Product Catalog CSV, Excel, XML Export PRO" versions prior to 5.0.0 Description: The issue allows a guest to perform SQL injection via the exportProduct::addDataToDb function. Recommendations: For versions prior to 5.0.0,...
Teacher Subject Allocation Management System index.php File SQL Injection Vulnerability
Teacher Subject Allocation Management System is a teacher subject allocation management system. The Teacher Subject Allocation Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the searchdata parameter of...
Code-Projects Blood Bank Security Breach
Code-Projects Blood Bank is a blood bank system for the Code-Projects project. A security vulnerability exists in Code-Projects Blood Bank version 1.0 that originated from allowing an attacker to run arbitrary SQL commands via the bid parameter in delete.php...
Fortinet FortiWLM Security Vulnerability
Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute unauthorized code or commands via...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system by the individual developer of stemword. A SQL injection vulnerability exists in Inventory Management System version V1.0, which originates from a vulnerability that allows local attackers to execute arbitrary SQL commands via the id...