Lucene search
K

48 matches found

CNNVD
CNNVD
added 2024/05/23 12:0 a.m.5 views

Campcodes Complete Web-Based School Management System 安全漏洞

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the name...

9.8CVSS8AI score0.0051EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.7 views

crmeb_java 安全漏洞

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in versions prior to crmebjava v1.3.4, which stems from the presence of a SQL injection vulnerability that allows an attacker to run arbitrary SQL...

6.5CVSS7.9AI score0.00613EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.5 views

PT-2024-22491 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the admin id parameter in "update-admin.php". This can potentially lead to unauthorized access and manipulation of database...

9.8CVSS7.9AI score0.01229EPSS
Exploits4References6
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.6 views

PT-2024-20066 · Gambio · Gambio

Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...

9.8CVSS7.8AI score0.00629EPSS
Exploits1References6
OSV
OSV
added 2023/02/03 6:15 p.m.4 views

CVE-2021-36503

SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...

9.8CVSS6AI score0.00855EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/10/20 12:0 a.m.12 views

The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.

The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...

10CVSS6.7AI score0.00852EPSS
Exploits0References8Affected Software3
CNNVD
CNNVD
added 2022/08/24 12:0 a.m.32 views

Exment SQL注入漏洞

Exment is simple, easy, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...

8.8CVSS6.2AI score0.0119EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.10 views

Fortinet FortiNAC SQL注入漏洞

Fortinet FortiNAC is a network access control solution from Fortinet, Inc. Fortinet FortiNAC versions 8.3.7 through 9.2.2 are vulnerable to SQL injection, a vulnerability that originates when user-provided data is not sufficiently cleaned and can be exploited to send ad-hoc requests to affected...

8.8CVSS8.4AI score0.00777EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/08/26 12:0 a.m.4 views

DOYO SQL注入漏洞

DOYO doyocms is a PHP-based open source content management system CMS. A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...

8.8CVSS8.5AI score0.00887EPSS
Exploits1References2
CNVD
CNVD
added 2020/11/06 12:0 a.m.3 views

AudimexEE SQL Injection Vulnerability

AudimexEE is a system for audit management from Audimex AG, Germany. The system meets complex audit processes around the company's business, supports customization for use and is deployed platform-independently. A SQL injection vulnerability exists in the Documents component of AudimexEE versions...

8.8CVSS8.5AI score0.00941EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/30 12:0 a.m.3 views

Gambio GX SQL Injection Vulnerability

Gambio GX is a suite of e-commerce platforms from Gambio Germany. A SQL injection vulnerability exists in the admin/mobile.php file in Gambio GX versions prior to 4.0.1.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An...

4.9CVSS8.1AI score0.014EPSS
Exploits1References1
CNVD
CNVD
added 2020/06/19 12:0 a.m.5 views

Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability

The Mitsubishi Electric MC Works64 and MC Works32 are both data acquisition and monitoring systems SCADA from Mitsubishi Electric Japan. A code injection vulnerability exists in Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier versions, and MC Works32 version 3.00A 9.50.255.0...

9.1CVSS8.4AI score0.03029EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/16 12:0 a.m.2 views

Octeth Oempro SQL Injection Vulnerability

Octeth Oempro is a suite of email marketing software from Octeth USA. An SQL injection vulnerability exists in the 'CampaignID' parameter of Campaign.Get in Octeth Oempro version 4.7. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...

9.8CVSS8.2AI score0.05762EPSS
Exploits5References1
CNVD
CNVD
added 2019/08/27 12:0 a.m.3 views

WordPress gallery-photo-gallery plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. gallery-photo-gallery is a responsive gallery plugin used in it. A SQL injection vulnerability exists in the WordPress...

9.8CVSS8AI score0.01815EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/13 12:0 a.m.4 views

Library CMS SQL Injection Vulnerability

Library CMS is a management system for corporate and personal use. Library CMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

8.5AI score
Exploits0References1
CNVD
CNVD
added 2017/09/21 12:0 a.m.3 views

WordPress SQL Injection Vulnerability (CNVD-2017-34851)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress WPDB SQL injection vulnerability can be exploited by an attacker to execute arbitrary SQL commands due to...

8.5AI score
Exploits0References1
CNVD
CNVD
added 2017/09/15 12:0 a.m.5 views

Wordpress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the Wordpress plugin image-gallery-with-slideshow. A remote attacker can exploit the...

9.8CVSS8.5AI score0.02907EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/04 12:0 a.m.8 views

Ideagen Easysite SQL Injection Vulnerability

Ideagen Easysite is a web content management system from Ideagen UK. A SQL injection vulnerability exists in the CInfoService.asmx file of WebServices in Ideagen Easysite version 7.0. The vulnerability can be exploited by remote attackers to execute arbitrary SQL commands via a specially crafted...

9.8CVSS10AI score0.01407EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/21 12:0 a.m.6 views

WordPress Photo Gallery by WD - Responsive Photo Gallery SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Photo Gallery by WD - Responsive Photo Gallery is one of the image management plugin. A SQL injection vulnerabilit...

7.2CVSS7.5AI score0.01593EPSS
Exploits0References1
OSV
OSV
added 2016/11/03 9:59 p.m.3 views

CVE-2016-6453

A vulnerability in the web framework code of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.30.876...

7.3CVSS6.1AI score0.01102EPSS
Exploits0References3
Rows per page
Query Builder