6586 matches found
JFinal SQL injection vulnerability
JFinal is a Java-based web + ORM open source framework. A SQL injection vulnerability exists in JFinal CMS version 5.1.0. The vulnerability arises because the interfaces do not use the same component and have no filter; each uses its own SQL concatenation, resulting in SQL injection...
Aruba Networks ClearPass Policy Manager SQL injection vulnerability
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager versions 6.10.x through 6.10.6 and 6.9.x through 6.9.11. An attacker could...
CVE-2022-3142
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
WordPress plugin NEX-Forms SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
CVE-2022-37207
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection...
CVE-2022-38594
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/editvisitor.php...
mysql: Server: Options unspecified vulnerability (CPU Oct 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
CVE-2022-36669
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass...
CVE-2022-37138
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form...
PT-2022-23832 · Unknown · Alton Management System
Name of the Vulnerable Software and Affected Versions: Loan Management System version 1.0 Description: The issue allows unauthorized users to login as Administrator after injecting the username form at the login page, specifically through SQL Injection. Recommendations: For Loan Management System...
CVE-2022-39817
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized and unexpected operations against the...
mariadb: server crash at Field::set_default via specially crafted SQL statements
A flaw was found in MariaDB. The component, Field::set_default, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...
PT-2022-24494 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 1.0 Description: The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the Username and Password parameters on the Login page, specifically the '/login' A...
PT-2022-5866 · Microsoft · Dynamics Crm
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics CRM on-premises affected versions not specified Description: The issue is related to a lack of protection for the SQL query structure in Microsoft Dynamics CRM, allowing for potential remote code execution by an attacker...
Archery SQL injection vulnerability
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.8.3 through v1.8.5, which stems from the starttime and stoptime parameters in the my2sql interface containing SQL injection vulnerabilities...
Archery SQL injection vulnerability
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...
InventoryManagementSystem SQL injection vulnerability
InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A security vulnerability exists in InventoryManagementSystem version 1.0, which...
JFinal SQL injection vulnerability
JFinal is a Java-based web + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability, which stems from a SQL injection vulnerability in /admin/imagealbum/list...
CVE-2022-38269
School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=...
PT-2022-24316 · Unknown · Interview Management System
Name of the Vulnerable Software and Affected Versions: Interview Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/interview/editQuestion.php" API endpoint. Recommendations: For...