6586 matches found
Johnson Controls CKS CEVAS Cross-Site Scripting Vulnerability
Johnson Controls CKS CEVAS is a web-based billing and reporting solution from Johnson Controls, Inc. It is used for rescue and emergency services. A security vulnerability exists in Johnson Controls CKS CEVAS versions prior to 1.01.46. An attacker exploited the vulnerability to retrieve data via ...
PT-2022-24929 · Metabase · Metabase
Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.41.9, 0.42.6, 0.43.7, 0.44.5, 1.41.9, 1.42.6, 1.43.7, and 1.44.5. Description: The issue allows Remote Code Execution (RCE) in Metabase, a data visualization software, when users can write SQL queries on H2 databases...
Metabase Security Vulnerability
Metabase is an open source data analytics platform from Metabase, Inc. in the United States. A security vulnerability exists in Metabase that stems from the fact that H2 (the example database) can allow Remote Code Execution (RCE), which can be abused by users who are able to write SQL queries on the...
Changing Information Technology RAVA certificate validation system SQL Injection Vulnerability
Changing Information Technology RAVA certificate validation system Panorama Software RAVA certificate validation system website is a credential validation system from China-based Changing Information Technology. The Panorama Software RAVA certificate validation system suffers from a SQL injection...
PT-2022-22961 · Sourcecodester · Sourcecodester Cashier Queuing System
Name of the Vulnerable Software and Affected Versions: SourceCodester Cashier Queuing System version 1.0. Description: A critical issue was found in the Login Page component, specifically in the /queuing/login.php file. The manipulation of the username and password arguments leads to SQL injection...
Open Source SACCO Management System SQL Injection Vulnerability
Open Source SACCO Management System is an open source SACCO management system by Mayuri K., an individual developer. A security vulnerability exists in Open Source SACCO Management System v1.0, which can be exploited by an attacker to perform SQL injection via its /saccoshield/managepayment.php...
Simple Online Public Access Catalog SQL Injection Vulnerability
Simple Online Public Access Catalog (OPAC) is a web-based application by Carlo Montero, an individual developer. It is used to manage library materials or book databases for a particular school or university. A SQL injection vulnerability exists in Simple Online Public Access Catalog version 1.0, which...
Purchase Order Management System SQL Injection Vulnerability
Purchase Order Management System is a purchase order management system by Carlo Montero, an individual developer. A security vulnerability exists in Purchase Order Management System version 1.0, which is caused by a SQL injection due to manipulation of the parameter id...
Human Resource Management System Security Vulnerability
Human Resource Management System is a human resource management system by maverickosama, an individual developer. A security vulnerability exists in Human Resource Management System, which stems from an unknown function in its city.php component that operates on the parameter searccity to cause SQL...
CVE-2022-37982
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
Simple Cold Storage Management System SQL Injection Vulnerability
Sourcecodester Simple Cold Storage Management System is a web-based application used as a cold storage business website to provide their customers or prospects with an easily accessible platform to learn about their company. A SQL injection vulnerability exists in Simple Cold Storage Management...
CVE-2022-40825
B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php wherein function. Note: Multiple third parties have disputed this as not a valid vulnerability...
PT-2022-25559 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions =3.1.13. Description: The issue concerns SQL Injection via the where function in the system/database/DB query builder.php file. Note that the validity of this issue has been disputed by multiple third parties...
PT-2022-26430 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon, affected versions not specified. Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...
Online Diagnostic Lab Management System SQL Injection Vulnerability
Online Diagnostic Lab Management System is an online diagnostic lab management system. A SQL injection vulnerability exists in Online Diagnostic Lab Management System v1.0, which originates from a security issue with the id parameter in /diagnostic/edittest.php...
Online Pet Shop We App SQL Injection Vulnerability
Online Pet Shop We App is an online pet store web application. A SQL injection vulnerability exists in Online Pet Shop We App v1.0, which stems from an SQL injection in the id parameter. No details of the vulnerability are available at this time...
PT-2022-26426 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon, affected versions not specified. Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...
PT-2022-26428 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon, affected versions not specified. Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...
CVE-2022-42243
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/managestorage.php?id=...
CVE-2022-42250
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/viewdetails.php?id=...