PT-2022-14100
Name of the Vulnerable Software and Affected Versions: carrcommunications rsvpmaker versions 9.3.2 and earlier Description: An unauthenticated SQL injection flaw exists in the rsvpmaker-email.php file. This allows for database extraction with minimal barriers to access. It is estimated that over...
PT-2022-14123 · WordPress · Export Any Wordpress Data To Xml/Csv
Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.3.5 Description: The issue arises from the lack of sanitization of the cpt POST parameter when exporting post data, which is then used in a database query. This leads t...
phplist SQL injection vulnerability
phplist is a suite of open source newsletter and email marketing software from the UK-based phplist. Version 3.2.6 of phplist contains a security vulnerability that can be exploited by attackers to conduct SQL injection attacks...
CVE-2022-23169
Attacker needs to craft a SQL payload. The vulnerable parameter is "agentid". Must be authenticated to the admin panel...
CVE-2022-1690
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...
CVE-2022-1683
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection, and is exploitable by any authenticated user and not just Author+ like the original advisory mentions due to the fact that they ca...
WordPress plugin Note Press SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Note Press plugin 0.1.10 and earlier versions are vulnerable to SQL injection, which stems...
Neetai Tech SQL injection vulnerability
Neetai Tech is a web development, GST software and accounting software from Neetai India. Neetai Tech is vulnerable to SQL injection, which can be exploited by attackers to cause SQL injection issues via manipulation of the /product.php file...
Virtua Cobranca SQL injection vulnerability
Virtua Cobranca, a CRM software for call centers and collection and finance departments from Virtua Brazil, is vulnerable to SQL injection in versions prior to Virtua Cobranca 12R. The vulnerability stems from a missing data filter escape in the idusuario parameter in login.php. An attacker could...
CVE-2022-30927
A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter...
CVE-2022-32012
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=...
CVE-2022-32015
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=...
CVE-2022-32010
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=...
CVE-2022-32006
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/viewservice.php?id=...
CVE-2022-31984
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=...
CVE-2022-31975
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=...
CVE-2022-31974
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=...
CVE-2022-31952
Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=deleteincident...
CVE-2022-31343
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/viewdetails&id=...
CVE-2022-31351
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manageprice.php?id=...