Shaanxi Chanming Education Technology Score Query System SQL Injection Vulnerability
Shaanxi Chanming Education Technology Score Query System is a score query system from Shaanxi Chanming Education Technology. A security vulnerability exists in Shaanxi Chanming Education Technology Score Query System version 5.0, which originates from the presence of an unknown function that caus...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere V11.10 and earlier versions, v2017, which originates from the presence of an unknown function in general/system/approvecenter/flowsort/flow/delete.php, which can cause a SQL...
Projectworlds Online Art gallery project SQL Injection Vulnerability
Projectworlds Online Art gallery project is an online art gallery project by Projectworlds India. A SQL injection vulnerability exists in Projectworlds Online Art gallery project v1.0, which stems from the lnm parameter in header.php that does not validate incoming characters and sends them...
SourceCodester Sticky Notes SQL Injection Vulnerability
SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a SQL injection vulnerability in the parameter note in the file endpoint/delete-note.php...
CVE-2023-26583
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26584
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetExcursionList method...
PT-2023-6632
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Configuration utility (affected versions not specified) Description: An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility, which may allow an authenticated attacker with network access to the...
Vulnerability in the Optimizer component of the MySQL Server database management system that allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the `parse_user_filters` function in the SupportCandy plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the `parse_user_filters` function in the SupportCandy plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetRoomChanges method...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the GetStudentGroupStudents method...
IDAttend IDWeb SQL Injection Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions that stems from an unauthenticated SQL injection in the DeleteRoomChanges method...
PT-2023-29968 · Unknown · Ndk Steppingpack
Name of the Vulnerable Software and Affected Versions: ndk steppingpack versions 1.5.6 and before Description: The issue allows a guest to perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL...
Vulnerability in the /vm/admin/doctors.php file of the SourceCodester Free Hospital Management System for Small Practices (a management system for small medical institutions) that allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of the /vm/admin/doctors.php file in the Small Medical Institutions Management System by SourceCodester allows unauthorized access to the SQL query structure. Exploiting this vulnerability enables a malicious actor to execute arbitrary SQL queries against the database remotely...
Number withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. This CVE number has been withdrawn...
LyLme Spage SQL Injection Vulnerability
LyLme Spage (Six Zero navigation page) is an open-source navigation page from China's Six Zero LyLme. It is committed to being a simple, efficient, advertising-free Internet navigation and search portal, with support for background links, custom search engines, accumulation of the most valuable links, no commercial...
PT-2023-6237 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX, and Windows includes Db2 Connect Server version 11.5 Description: The issue is related to errors in processing input data, which can be exploited by a remote attacker to cause a denial of service with a specially...
A vulnerability in the ODBC driver for SQL Server on Windows operating systems that allows a hacker to execute arbitrary code.
The vulnerability of the ODBC driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...