13185 matches found
Human Resource Management System security breach
Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in SourceCodester Human Resource Management System version 1.0, which originates from a SQL injection vulnerability that allows an attacker to execute...
CVE-2024-33402
A SQL injection vulnerability in /model/approvepettycash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33808
A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33804
A SQL injection vulnerability in /model/getsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33802
A SQL injection vulnerability in /model/getstudentsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...
CVE-2024-33801
A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33801
A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33799
A SQL injection vulnerability in /model/getteacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
SQL Injection
mocodo is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution RCE under certain conditions...
SQL Injection
PyMySQL is vulnerable to SQL Injection. The vulnerability is due to improper JSON sanitization within the escapedict function, which allows an attacker execute arbitrary SQL if an application handles untrusted JSON user input...
CVE-2024-34929
A SQL injection vulnerability in /view/findfriends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the myindex parameter...
CVE-2024-34936
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34934
A SQL injection vulnerability in /view/emarksrangegradeupdateform.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34934
A SQL injection vulnerability in /view/emarksrangegradeupdateform.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34932
A SQL injection vulnerability in /model/updateexam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34932
A SQL injection vulnerability in /model/updateexam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34931
A SQL injection vulnerability in /model/updatesubject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34930
A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter...