13181 matches found
CVE-2024-33802
A SQL injection vulnerability in /model/getstudentsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...
CVE-2024-33801
A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33801
A SQL injection vulnerability in /model/getsubjectrouting.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33799
A SQL injection vulnerability in /model/getteacher.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
SQL Injection
mocodo is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution RCE under certain conditions...
SQL Injection
PyMySQL is vulnerable to SQL Injection. The vulnerability is due to improper JSON sanitization within the escapedict function, which allows an attacker execute arbitrary SQL if an application handles untrusted JSON user input...
CVE-2024-34929
A SQL injection vulnerability in /view/findfriends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the myindex parameter...
CVE-2024-34936
A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34934
A SQL injection vulnerability in /view/emarksrangegradeupdateform.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34934
A SQL injection vulnerability in /view/emarksrangegradeupdateform.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
CVE-2024-34932
A SQL injection vulnerability in /model/updateexam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34932
A SQL injection vulnerability in /model/updateexam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34931
A SQL injection vulnerability in /model/updatesubject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-34930
A SQL injection vulnerability in /model/allevents1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter...
CVE-2024-34929
A SQL injection vulnerability in /view/findfriends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the myindex parameter...
CVE-2024-34927
A SQL injection vulnerability in /model/updateclassroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-35475
A Cross-Site Request Forgery CSRF vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-35361
CVE-2024-35361 affects MTab Bookmark v1.9.5. A SQL injection vulnerability exists in the /LinkStore/getIcon API endpoint that allows an attacker to execute arbitrary SQL statements without any user privileges. The issue is documented across multiple sources (NVD/Red Hat/CVE records) and is rated ...