CVE-2023-25330

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...

Online Payroll System SQL注入漏洞

Online Payroll System is a system for distributing payroll online. Online Payroll System is vulnerable to SQL injection, which can be exploited by attackers to submit special SQL requests to manipulate the database and obtain sensitive information...

SourceCodester Online Payroll System SQL注入漏洞

Online Payroll System is a system for distributing payroll online. Online Payroll System is vulnerable to SQL injection, which can be exploited by attackers to submit special SQL requests to manipulate the database and obtain sensitive information...

Online Payroll System SQL注入漏洞

Online Payroll System is a system for distributing payroll online. Online Payroll System is vulnerable to SQL injection, which can be exploited by attackers to submit special SQL requests to manipulate the database and obtain sensitive information...

I-TECH TrainSmart SQL注入漏洞

I-TECH TrainSmart is an open source web-based training data collection system from I-TECH. A security vulnerability exists in I-TECH TrainSmart version r1044 that stems from the presence of a SQL injection vulnerability...

Online Payroll System SQL注入漏洞

Online Payroll System is a system for distributing payroll online. Online Payroll System is vulnerable to SQL injection, which can be exploited by attackers to submit special SQL requests that manipulate the database and can obtain sensitive information...

SourceCodester Centralized Covid Vaccination Records System SQL注入漏洞

Centralized Covid Vaccination Records System is a new Covid Pneumonia Vaccination Records System by Carlo Montero Individual Developer. SourceCodester Centralized Covid Vaccination Records System is vulnerable to SQL injection. No information about this vulnerability is available at this time,...

The vulnerability of HMI/SCADA CONPROSYS HMI lies in the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.

The vulnerability of HMI/SCADA CONPROSYS HMI lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted SQL queries to the databas...

PublicCMS SQL注入漏洞

PublicCMS is an open source content management system CMS written in Java by PublicCMS China. A security vulnerability exists in PublicCMS v.4.0. An attacker exploits the vulnerability to execute arbitrary code via the sql parameter of SysSiteAdminControl...

Akbim Computer Panon SQL注入漏洞

Akbim Computer Panon is an application from Akbim, Inc. An SQL injection vulnerability exists in Akbim Computer Panon versions prior to 1.0.2, which stems from improper neutralization of a special element used, resulting in SQL injection...

BluePage CMS SQL注入漏洞

BluePage CMS is a content management system from BluePage open source. A security vulnerability exists in BluePage CMS version 3.9 and earlier versions , the vulnerability stems from SQL injection when processing insufficiently cleaned HTTP headers...

Red Gate SQL Monitor 跨站脚本漏洞

Red Gate Software Redgate SQL Monitor is a database monitoring tool from Red Gate Software, UK. The product supports Microsoft SQL Server monitoring, alerting, analysis and more. A security vulnerability exists in Red Gate SQL Monitor version 12.1.31.893, which stems from a cross-site scripting X...

The vulnerability of the Apache Fineract digital financial services platform, related to the lack of protection for the SQL query structure, allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Apache Fineract digital financial services platform relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain read, modify, or delete access to data...

PT-2023-14807 · Xman · Xman

Name of the Vulnerable Software and Affected Versions: X-Man version 1.0 Description: The issue is related to a SQL injection vulnerability, which can cause data leakage. Recommendations: For X-Man version 1.0, consider applying a patch or fix to resolve the SQL injection vulnerability. As a...

Grade Point Average GPA Calculator SQL注入漏洞

Grade Point Average GPA Calculator is an online and automated platform for calculating a student's grade point average or GPA built using the Bootstrap framework. A security vulnerability exists in SourceCodester Grade Point Average GPA Calculator version 1.0, which stems from a problem with the...

Young Entrepreneur E-Negosyo System SQL注入漏洞

Young Entrepreneur E-Negosyo System is a Young Entrepreneur E-Negosyo System for janobe individual developers. A security vulnerability exists in SourceCodester Young Entrepreneur E-Negosyo System version 1.0, which stems from an incorrect manipulation of the parameter UUSERNAME resulting in sql...

HashiCorp Vault SQL注入漏洞

HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A SQL injection vulnerability exists in HashiCorp Vault versions 0.8.0 through 1.13.1, which stems from the fact that when configuring the MSSQL plugin locally, certain parameters are not cleaned up...

Centreon SQL注入漏洞

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for resources such as networks, systems, and applications. A SQL injection vulnerability exists in Centreon, which arises from failure to...

Centreon SQL注入漏洞

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for resources such as networks, systems, and applications. A SQL injection vulnerability exists in Centreon, which arises from failure to...

Ivanti Avalanche SQL注入漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche version 6.3.2.3490 suffers from a SQL injection vulnerability that stems from a crafted request in...