6592 matches found
WManager SQL injection vulnerability
WManager is an open-source business process manager. wmanager v.1.0.7 and earlier versions contain a SQL injection vulnerability that allows remote attackers to obtain sensitive information through a carefully crafted scrip...
The vulnerability in Progress MOVEit Transfer, software for processing and transmitting confidential data, arises from the lack of measures taken to protect the SQL query structure. This allows attackers to circumvent security restrictions, execute arbitrary SQL code, and gain unauthorized access to read, modify, or delete data.
The vulnerability in Progress MOVEit Transfer, software for processing and transmitting confidential data, is related to the lack of measures taken to protect the SQL query structure during the processing of the UserProcessPassChangeRequest parameter at the human.aspx endpoint. Exploiting...
CVE-2023-2852
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection. This issue affects SelfPatron: before 2.0...
Yontem Informatics Vehicle Tracking System SQL injection vulnerability
Yontem Informatics Vehicle Tracking System is a vehicle tracking system from Yontem. A SQL injection vulnerability exists in Yontem Informatics Vehicle Tracking System. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the vendor advisory...
WordPress plugin MStore API SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
WordPress plugin All In One Redirection SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
SourceCodester Shopping Website SQL injection vulnerability
SourceCodester Shopping Website is a shopping website type CMS. A SQL injection vulnerability exists in SourceCodester Shopping Website version 1.0, which stems from the email parameter in the file checkavailability.php and can lead to SQL injection...
GHSA-7Q94-QPJR-XPGM langchain SQL Injection vulnerability
SQL injection vulnerability in langchain allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component...
ThinuTech ThinuCMS SQL injection vulnerability
ThinuTech ThinuCMS is a fast and secure PHP blogging system from ThinuTech. A SQL injection vulnerability exists in ThinuTech ThinuCMS version 1.5, which stems from the catid parameter in the file /category.php and can lead to SQL injection...
LangChain SQL injection vulnerability
LangChain is a framework for building applications with LLMs through composability. LangChain version v.0.0.64 has a SQL injection vulnerability that allows remote attackers to obtain sensitive information via the SQLDatabaseChain component...
CVE-2023-36934
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...
Progress Software MOVEit Transfer SQL injection vulnerability
Progress Software MOVEit Transfer is an automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A security vulnerability exists in Progress Software MOVEit Transfer that stems from an SQL injection...
PT-2023-25704 · Kanboard +1
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.31 Description: Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege...
The vulnerability in the admin/?page=items/view_item component of the SourceCodester Lost and Found Information System web application allows a malicious user to execute arbitrary SQL queries.
The vulnerability in the “admin/?page=items/view_item” component of the SourceCodester Lost and Found Information System web application is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execu...
PT-2023-25007 · Ibos Oa
Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue was found in the actionEdit function of the ?r=dashboard/roleadmin/edit&op=member endpoint, part of the Add User Handler component. The manipulation of the id argument leads to SQL injection...
The vulnerability in the mod_h5pactivity component of the virtual learning environment Moodle allows a hacker to execute arbitrary SQL queries in the database.
The vulnerability in the mod_h5pactivity component of the virtual learning environment Moodle is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries in the database...
The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administrative tool allows a perpetrator to execute arbitrary SQL code.
The vulnerability of the web interface of the Cisco Smart Software Manager On-Prem administration tool is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...
The vulnerability in the virtual learning environment Moodle, related to insufficient sanitization of data, allows a malicious user to execute arbitrary SQL queries in the database.
The vulnerability in the virtual learning environment Moodle is related to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries in the database...
CVE-2023-34487
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection...
DOOR Property Cloud Platform Management Center SQL injection vulnerability
DOOR Property Cloud Platform Management Center is a property cloud platform management center of China DOOR Corporation. A security vulnerability exists in DOOR Property Cloud Platform Management Center version 1.0, which originates from an SQL injection vulnerability...