6592 matches found
The vulnerability of the control interface for delivering web applications in NetScaler SD-WAN and the software-based network management solution in Citrix SD-WAN allows attackers to execute arbitrary SQL queries.
The vulnerability of the delivery interface component in NetScaler SD-WAN and Citrix SD-WAN software management tools is related to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
Student Management System SQL Injection Vulnerability
Student Management System is a simple web-based student management software by the individual developer of Sk.Amir Hamza, Bangladesh. SourceCodester Online Student Management System version 1.0 has a SQL injection vulnerability that originates from a problem with the file...
OpenCycleCompass server-php SQL Injection Vulnerability
server-php is an OpenCycleCompass open source server for iBis applications. An SQL injection vulnerability exists in OpenCycleCompass server-php, which stems from an incorrect manipulation of the parameter user resulting in SQL injection...
Simple Customer Relationship Management SQL Injection Vulnerability
Simple Customer Relationship Management (Simple CRM) is a simple customer relationship management system by individual developer Carlo Montero. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which stems from a SQL injection vulnerability via the username...
Simple Customer Relationship Management SQL Injection Vulnerability
Simple Customer Relationship Management (Simple CRM) is a simple customer relationship management system by individual developer Carlo Montero. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which stems from a SQL injection vulnerability via the parameter...
PT-2023-1564 · Unknown · Class/Exam Timetabling System
Name of the Vulnerable Software and Affected Versions: Class and Exam Timetabling System version 1.0 Description: The issue is related to the lack of protection against SQL query structure manipulation when handling the password parameter in the index3.php script of the Class and Exam Timetabling...
Online Graduate Tracer System SQL Injection Vulnerability
Online Graduate Tracer System is an online graduate tracer system by the individual developer Carlo Montero. SourceCodester Online Graduate Tracer System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter id resulting in SQL injection...
CVE-2023-26550
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field...
DEBIAN-CVE-2023-26032
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL injection via a malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL...
Gentoo SQL Injection Vulnerability
Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in Gentoo soko versions prior to 1.0.1, which stems from the presence of a SQL injection vulnerability that can be exploited by an attacker to cause a denial of service...
BMC Control-M SQL Injection Vulnerability
BMC Control-M is an application from BMC Corporation that simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M versions prior to 9.0.20.214, which stems from the presence of a SQL injection vulnerability that can be exploited...
CVE-2023-0981
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been classified as critical. Affected is an unknown function of the component Delete User. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The identifie...
PT-2023-16626
Name of the Vulnerable Software and Affected Versions: Online Services Software versions prior to 1.17 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...
CVE-2023-0910
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file viewprod.php of the component GET Parameter Handler. The manipulation of the argument ID leads to SQL injection. The attack can be...
Intern Record System SQL Injection Vulnerability
Intern Record System is an intern record system from the individual developers at Codeprojects. A security vulnerability exists in Intern Record System version 1.0. An attacker can exploit this vulnerability to execute arbitrary code and obtain sensitive information...
Luckyframe SQL Injection Vulnerability
LuckyFrame is a free and open source testing platform. A security vulnerability exists in Luckyframe v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/UserMapper.xml...
PT-2023-11774 · Unknown · Projectworlds Online Doctor Appointment Booking System
Name of the Vulnerable Software and Affected Versions: Projectworlds Online Doctor Appointment Booking System affected versions not specified Description: The issue allows attackers to gain sensitive information via the "getuser.php" endpoint, specifically through the q parameter. This is a SQL...
SUSE CVE-2007-4437
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information...
SUSE CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
SUSE CVE-2011-4349
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id...