47 matches found

CNNVD
added 2024/06/24 12:0 a.m. · 3 views

School-Management-System SQL Injection Vulnerability

School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School Management System versions 1.0.0, 1.0.1, which stems from an incorrect operation of the parameter update that can lead to SQL injection...

8.8 CVSS · 8.4 AI score · 0.00585 EPSS
Exploits 1 · References 6
CNNVD
added 2024/06/24 12:0 a.m. · 2 views

School-Management-System SQL Injection Vulnerability

School-Management-System is a school management system by the individual developer Lahiru Danushka. A SQL injection vulnerability exists in School-Management-System versions 1.0.0, 1.0.1, which stems from an incorrect operation of the parameter update that can lead to SQL injection...

8.8 CVSS · 8.4 AI score · 0.00585 EPSS
Exploits 1 · References 6
Positive Technologies
added 2024/06/24 12:0 a.m. · 3 views

PT-2024-37504 · Unknown · Lahirudanushka School Management System

Name of the Vulnerable Software and Affected Versions: lahirudanushka School Management System versions 1.0.0 through 1.0.1
Description: A critical issue has been found in the Teacher Page component, specifically in the file teacher.php. The manipulation of the update argument leads to SQL...

8.8 CVSS · 5.5 AI score · 0.00585 EPSS
Exploits 1 · References 9
Cvelist
added 2024/03/07 12:0 a.m. · 17 views

CVE-2023-49989

Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php...

8.1 AI score · 0.00784 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2023/12/30 8:15 a.m. · 1 views

CVE-2023-52257

LogoBee 0.2 allows updates.php?id= XSS...

6.1 CVSS · 5.8 AI score · 0.00411 EPSS
Exploits 1 · References 2
OSV
added 2023/12/21 4:15 p.m. · 2 views

CVE-2023-45119

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 2
Cvelist
added 2023/12/21 4:3 p.m. · 12 views

CVE-2023-45119 Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi)

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database...

8.8 CVSS · 10 AI score · 0.00673 EPSS
Exploits 1 · References 2
CNNVD
added 2023/12/21 12:0 a.m. · 3 views

Projectworlds Online Examination System SQL Injection Vulnerability

Projectworlds Online Examination System is an online examination system from Projectworlds India. Projectworlds Online Examination System v1.0 suffers from a SQL injection vulnerability, which stems from the "n" parameter of update.php not validating received characters and sending them to the...

8.8 CVSS · 7.9 AI score · 0.00673 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/12/21 12:0 a.m. · 5 views

PT-2023-29422 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0
Description: The issue concerns multiple Authenticated SQL Injection vulnerabilities. Specifically, the right parameter of the "update.php" resource does not validate the characters received and they are...

8.1 AI score
Exploits 0 · References 4
OSV
added 2023/11/30 2:15 p.m. · 2 views

CVE-2023-6411

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...

7.5 CVSS · 5.8 AI score · 0.00831 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/11/30 1:10 p.m. · 12 views

CVE-2023-6411 SQL injection in Voovi Social Networking Script

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...

9.8 CVSS · 7.7 AI score · 0.00831 EPSS
Exploits 0 · References 1
Cvelist
added 2023/11/30 1:10 p.m. · 12 views

CVE-2023-6411 SQL injection in Voovi Social Networking Script

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...

9.8 CVSS · 9.7 AI score · 0.00831 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/06/08 10:15 a.m. · 3 views

CVE-2022-1689

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection...

4 CVSS · 5.8 AI score · 0.00746 EPSS
Exploits 2 · References 3
WPVulnDB
added 2022/05/09 12:0 a.m. · 17 views

Note Press <= 0.1.10 - Admin+ SQLi via Update

The plugin does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection. PoC: POST /wp-admin/admin.php?page=NotePress-Main-Menu=edit=17 HTTP/1.1 Accept:...

4 CVSS · 0.7 AI score · 0.00746 EPSS
Exploits 2 · References 1 · Affected Software 1
OSV
added 2021/07/22 8:15 p.m. · 2 views

CVE-2021-25205

SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 allows remote attackers to execute arbitrary SQL statements, via the update parameter to empViewUpdate.php...

9.8 CVSS · 6.1 AI score · 0.01476 EPSS
Exploits 1 · References 1
CNNVD
added 2021/07/22 12:0 a.m. · 4 views

SourceCodester E-Commerce Website SQL Injection Vulnerability

SourceCodester E-Commerce Website is a software application. A PHP e-commerce website project for bookstores. A SQL injection vulnerability exists in SourceCodester E-Commerce Website version V1.0, which originates from a lack of validation of the update parameter of empViewUpdate.php against an...

9.8 CVSS · 6.4 AI score · 0.01476 EPSS
Exploits 1 · References 2
Cvelist
added 2019/07/23 4:3 p.m. · 25 views

CVE-2018-18670

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/configformupdate.php cf110 parameter...

6 AI score · 0.01511 EPSS
Exploits 0 · References 3
OSV
added 2018/08/02 7:29 p.m. · 1 views

CVE-2017-14444

An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to...

9.9 CVSS · 6.1 AI score
Exploits 0 · References 1
OSV
added 2018/07/03 2:29 p.m. · 2 views

CVE-2018-7777

The vulnerability is due to insufficient handling of updatefile request parameter on updatemodule.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 2
NVD
added 2018/07/03 2:29 p.m. · 19 views

CVE-2018-7777

The vulnerability is due to insufficient handling of updatefile request parameter on updatemodule.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server...

8.8 CVSS · 8.8 AI score · 0.31802 EPSS
Exploits 4 · References 2