6592 matches found

CNNVD
added 2023/06/27 12:00 a.m., 3 views

WordPress plugin WP ERP SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.2, AI score 7.2, EPSS 0.28414
Exploits: 5, References: 4

CNNVD
added 2023/06/26 12:00 a.m., 3 views

Trend Micro Apex Central SQL injection vulnerability

Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. Trend Micro Apex Central suffers from a SQL injection vulnerability that can be exploited by an attacker to submit a specially crafted SQL request to manipulate a database, obtain sensitive information or execute arbitrary cod...

CVSS 8.8, AI score 8.1, EPSS 0.04273
Exploits: 0, References: 3

BDU FSTEC
added 2023/06/26 12:00 a.m., 1 view

The vulnerability of the GLPI system’s handling of requests and incidents lies in the improper neutralization of input data during the generation of web pages, as well as the improper neutralization of special elements used in SQL commands. This allows attackers to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI application’s request and incident handling system lies in the insufficient cleaning of user data at the final inventory registration stage. A user who has not undergone identity verification can send specially created requests to the vulnerable application and execu...

CVSS 10, AI score 6.9, EPSS 0.01068
Exploits: 0, References: 6, Affected Software: 2

ATTACKERKB
added 2023/06/25 9:15 p.m., 0 views

CVE-2023-36663

it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...

CVSS 8.8, AI score 7.5, EPSS 0.0041
Exploits: 0, References: 3

CNNVD
added 2023/06/23 12:00 a.m., 4 views

Webkul QloApps SQL injection vulnerability

Webkul QloApps is a free, open-source hotel booking and online reservation system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a SQL injection vulnerability in the GET parameter. An attacker can exploit the vulnerability to bypass the authentication and...

CVSS 7.5, AI score 7.6, EPSS 0.26552
Exploits: 1, References: 2

Positive Technologies
added 2023/06/23 12:00 a.m., 2 views

PT-2023-24509 · Sourcecodester · Sourcecodester Game Result Matrix System

Name of the Vulnerable Software and Affected Versions: SourceCodester Game Result Matrix System version 1.0
Description: A critical issue was found in the GET Parameter Handler component, specifically affecting the /dipam/athlete-profile.php file. The manipulation of the id argument leads to SQL...

CVSS 9.8, AI score 6.9, EPSS 0.00067
Exploits: 1, References: 4

OSV
added 2023/06/22 2:15 p.m., 1 view

CVE-2023-36371

An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1

ATTACKERKB
added 2023/06/22 2:15 p.m., 1 view

CVE-2023-36370

An issue in the gccol component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5, AI score 7.2, EPSS 0.00111
Exploits: 1, References: 2

ATTACKERKB
added 2023/06/22 2:15 p.m., 0 views

CVE-2023-36369

An issue in the listappend component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5, AI score 7.2, EPSS 0.00111
Exploits: 1, References: 2

ATTACKERKB
added 2023/06/22 2:15 p.m., 1 view

CVE-2023-36367

An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

CVSS 7.5, AI score 7.2, EPSS 0.00085
Exploits: 1, References: 2

BDU FSTEC
added 2023/06/20 12:00 a.m., 1 view

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10, AI score 8.2, EPSS 0.0063
Exploits: 0, References: 3

OSV
added 2023/06/19 11:15 a.m., 1 view

CVE-2023-2805

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVSS 7.2, AI score 7.3
Exploits: 0, References: 1

CNNVD
added 2023/06/19 12:00 a.m., 3 views

WordPress plugin WP Custom Cursors SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...

CVSS 7.2, AI score 7.3, EPSS 0.00239
Exploits: 2, References: 2

CNNVD
added 2023/06/19 12:00 a.m., 2 views

Marksoft Mobile+ SQL injection vulnerability

Marksoft is an application from Marksoft Corporation. A SQL injection vulnerability exists in Marksoft Mobile+ version v.7.1.7, Login version 1.4, and API version 20230605, which stems from an improper neutralization of a special element used to cause SQL injection...

CVSS 9.8, AI score 8.6, EPSS 0.00083
Exploits: 0, References: 2

OSV
added 2023/06/16 1:15 a.m., 1 view

CVE-2023-32026

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

CVSS 7.8, AI score 7.2, EPSS 0.0122
Exploits: 0, References: 1

ATTACKERKB
added 2023/06/16 1:15 a.m., 1 view

CVE-2023-32028

Microsoft SQL OLE DB Remote Code Execution Vulnerability...

CVSS 7.8, AI score 5.8, EPSS 0.01125
Exploits: 0, References: 2, Affected Software: 7

CNNVD
added 2023/06/16 12:00 a.m., 3 views

Thinking Software Technology Efence SQL injection vulnerability

Thinking Software Technology Efence is a mobile device management solution from China-based Thinking Software Technology. A SQL injection vulnerability exists in Thinking Software Technology Efence due to a login function that does not validate user-entered parameters...

CVSS 9.8, AI score 8.7, EPSS 0.00384
Exploits: 0, References: 2

BDU FSTEC
added 2023/06/16 12:00 a.m., 1 view

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the database.

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...

CVSS 10, AI score 8.5, EPSS 0.30236
Exploits: 0, References: 4, Affected Software: 2

BDU FSTEC
added 2023/06/16 12:00 a.m., 1 view

The vulnerability of the Elite Technology WEBFAX faxing software lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the fax communication software Elite Technology WEBFAX lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 10, AI score 8.1, EPSS 0.00314
Exploits: 0, References: 3

Positive Technologies
added 2023/06/15 12:00 a.m., 3 views

PT-2023-3448 · Microsoft · Odbc Driver For Sql Server

Name of the Vulnerable Software and Affected Versions: Microsoft ODBC Driver for SQL Server (affected versions not specified)
Description: The issue is related to insufficient input validation in the Microsoft ODBC Driver for SQL Server library, which can allow an attacker to execute arbitrary code...

CVSS 7.8, AI score 7.6, EPSS 0.0122
Exploits: 0, References: 4