The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the /opensis/functions/GetStuListFnc.php &Grade= parameter...

The vulnerability of the group_list component of the Advantech R-SeeNet monitoring software allows a hacker to execute arbitrary SQL queries.

The vulnerability of the “ord” parameter in the grouplist component of the Advantech R-SeeNet monitoring software for routers is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remote...

The vulnerability of the implementations of the QuerySet.annotate(), aggregate(), and extra() methods in the Django web application framework allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the implementation of the QuerySet.annotate, aggregate, and extra methods in the Django software platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...

HealthNode Hospital Management System SQL注入漏洞

Hospital Management System is a hospital management system. The system includes patient information management, ward management, surgery schedule management and financial management, etc. A SQL injection vulnerability exists in Hospital Management System v1.0, which stems from the lack of...

TYPO3 SQL注入漏洞

TYPO3 is a content management system framework CMS/CMF from the Swiss TYPO3 Association.TYPO3 One is Enough Library 4.1.5 and earlier versions are vulnerable to SQL injection, which stems from inadequate cleaning of user-supplied data. A remote attacker could use this vulnerability to send a...

CuppaCMS SQL注入漏洞

CuppaCMS is a content management system CMS. SQL injection vulnerability exists in CuppaCMS v1.0, which originates from the missing validation of external input in the menufilter parameter in /administrator/templates/default/html/windows/right.php. SQL statement validation. An attacker could use...

The vulnerability of the Used_tables_and_const_cache::used_tables_and_const_cache_join component of the MariaDB database management system allows a hacker to cause a service failure.

The vulnerability of the Usedtablesandconstcache::usedtablesandconstcachejoin component of the MariaDB database management system is related to the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to trigger service failures using...

Link Group Link-Admin SQL注入漏洞

Link Group Link-Admin is a pension fund system administration service from Link Group Australia. v0.0.1 of Link-Admin is vulnerable to SQL injection, which stems from the lack of SQL data filtering in DictRest.ResponseResult. An attacker could exploit this vulnerability to cause SQL injection...

CVE-2022-28421

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=...

CVE-2022-28415

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=deletecollection...

CVE-2022-28022

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deleteitem...

CVE-2022-28020

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\positionedit.php...

CVE-2022-28020

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\positionedit.php...

CVE-2022-28030

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Master.php?f=deleteestate...

SQL Injection

Overview blazer is an allows you to explore your data with SQL. Easily create charts and dashboards, and share them with your team. Affected versions of this package are vulnerable to SQL Injection by allowing specific variable values to modify the query rather than just the variable. This can...

Attendance and Payroll System SQL注入漏洞

Attendance and Payroll System is a PHP/MySQLi source code attendance and payroll system from oretnom23 individual developers. version v1.0 of Attendance and Payroll System is vulnerable to SQL injection, which originates from the component adminposition delete.php lacks validation for external...

Sourcecodester Baby Care System SQL注入漏洞

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from /admin/uesrs.php & action=type & userrole=User & userid= in the userid parameter missing validation of...

Sourcecodester Baby Care System SQL注入漏洞

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from /admin.php?id=posts...

Sourcecodester Baby Care System SQL注入漏洞

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability that originates in /admin/inbox.php & action=read & msgid= where the msgid parameter lacks validation for external...

Rukovoditel SQL注入漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel Project Management App 2.7.2, which can be triggered by an...