13181 matches found

NVD
added 2024/11/13 4:15 p.m. | 26 views

CVE-2024-50971

A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mapid parameter...

CVSS 7.2 | EPSS 0.00732
Exploits: 0 | References: 2

NVD
added 2024/11/13 4:15 p.m. | 14 views

CVE-2024-50970

A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS 8.8 | EPSS 0.00511
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/13 12:00 a.m. | 15 views

CVE-2024-50971

A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mapid parameter...

AI score 9 | EPSS 0.00732
Exploits: 0 | References: 2

CVE
added 2024/11/13 12:00 a.m. | 58 views

CVE-2024-50972

CVE-2024-50972 affects Itsourcecode Construction Management System 1.0. A SQL injection flaw exists in printtool.php that allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. The issue is supported by multiple sources (NVD, Red Hat, CNNVD, PT Security, CIRCL, CVE...

CVSS 7.2 | AI score 8.8 | EPSS 0.00732
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/11/13 12:00 a.m. | 59 views

CVE-2024-50971

CVE-2024-50971 affects Itsourcecode Construction Management System 1.0. A SQL injection in the print.php endpoint (parameter: map_id) enables remote attackers to execute arbitrary SQL commands. The vulnerability is described with high impact on confidentiality, integrity, and availability in the ...

CVSS 7.2 | AI score 8.8 | EPSS 0.00732
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/13 12:00 a.m. | 11 views

CVE-2024-50972

A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrowid parameter...

AI score 9 | EPSS 0.00732
Exploits: 0 | References: 2

Cvelist
added 2024/11/13 12:00 a.m. | 18 views

CVE-2024-50971

A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mapid parameter...

EPSS 0.00732
Exploits: 0 | References: 2

NCSC
added 2024/11/12 6:55 p.m. | 7 views

Vulnerabilities fixed in Microsoft SQL Server

Microsoft has fixed vulnerabilities in SQL Server. A malicious person could exploit the vulnerabilities to execute arbitrary SQL code on the database environment. With the exception of the vulnerabilities marked CVE-2024-49021 and CVE-2024-49043, the vulnerabilities are in the SQL Native Client...

CVSS 8.8 | AI score 7.9 | EPSS 0.01577
Exploits: 0

Veracode
added 2024/11/12 5:14 a.m. | 9 views

SQL Injection

org.jeecgframework.boot, jeecg-boot-parent is vulnerable to SQL Injection. The vulnerability is due to a SQL injection in the /onlDragDatasetHead/getTotalData component, which allows attackers to execute arbitrary SQL commands...

CVSS 9.8 | AI score 8 | EPSS 0.44295
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2024/11/11 7:16 a.m. | 48 views

CVE-2024-11020

CVE-2024-11020 affects Grand Vice info Webopac (Webopac from Grand Vice info). The vulnerability is a SQL Injection in the Webopac web interface that allows an unauthenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Several sources corrobora...

CVSS 9.8 | AI score 10 | EPSS 0.00451
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/11/11 6:51 a.m. | 14 views

CVE-2024-11016 Grand Vice info Webopac - SQL Injection

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 | AI score 8.4 | EPSS 0.00538
Exploits: 0 | References: 2

Cvelist
added 2024/11/11 12:00 a.m. | 15 views

CVE-2024-50989

A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter...

EPSS 0.00496
Exploits: 1 | References: 1

OSV
added 2024/11/08 6:15 p.m. | 2 views

CVE-2024-51030

A SQL injection vulnerability in manageclient.php and viewcab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database...

CVSS 6.5 | AI score 6.1 | EPSS 0.00676
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/08 12:00 a.m. | 12 views

CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands...

AI score 7.8 | EPSS 0.02192
Exploits: 2 | References: 1

CVE
added 2024/11/08 12:00 a.m. | 79 views

CVE-2024-51211

openSIS-Classic 9.1 (OS4ED) contains a SQL injection in resetuserinfo.php via improper input validation of the username_stn_id parameter, enabling an attacker to inject arbitrary SQL commands. Affected component/file: resetuserinfo.php in OS4ED openSIS-Classic version 9.1. Root cause: insufficien...

CVSS 9.8 | AI score 7.9 | EPSS 0.02192
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/08 12:00 a.m. | 13 views

CVE-2024-51030

A SQL injection vulnerability in manageclient.php and viewcab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database...

EPSS 0.00676
Exploits: 0 | References: 2

Tenable Nessus
added 2024/11/08 12:00 a.m. | 16 views

RHEL 8 : postgresql:12 (RHSA-2024:6000)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6000 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL relation replacement during pgdum...

CVSS 8.8 | AI score 7.7 | EPSS 0.01565
Exploits: 0 | References: 3

Veracode
added 2024/11/07 7:55 a.m. | 10 views

SQL Injection

Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input validation in the Curd one-click command mode plugin, allowing user-supplied data to be directly included in SQL queries without sanitization. Attackers can exploit this to execute arbitrary SQL commands...

CVSS 9.8 | AI score 8.1 | EPSS 0.00434
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2024/11/07 7:47 a.m. | 11 views

SQL Injection

Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input sanitization in the /curd/table/list endpoint, which allows attackers to inject arbitrary SQL queries into the database...

CVSS 9.8 | AI score 7.6 | EPSS 0.00542
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/11/07 12:00 a.m. | 11 views

RHEL 9 : postgresql:16 (RHSA-2024:5929)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5929 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL pgstatsext and...

CVSS 8.8 | AI score 7.3 | EPSS 0.01565
Exploits: 0 | References: 5