13181 matches found
CVE-2024-35361
MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights...
SQL Injection
doctrine/orm is vulnerable to SQL Injection. The vulnerability is due to statements in the Where-Clause not being wrapped in brackets due to improper handling of case-insensitive checks, which allows an attacker to execute arbitrary SQL statements...
CVE-2024-3750 Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...
WordPress Visualizer plugin <= 3.10.15 - Subscriber+ Arbitrary SQL Execution vulnerability
Subscriber+ Arbitrary SQL Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin Visualizer versions <= 3.10.15...
CVE-2024-4893 DigiWin EasyFlow .NET - SQL Injection
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands...
Visualizer: Tables and Charts Manager for WordPress < 3.11.0 - Missing Authorization to Arbitrary SQL Execution
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for...
Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability (CNVD-2024-24515)
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a SQL injection vulnerability that can be exploited by an attacker to send arbitrary SQL commands to a SQL server...
CVE-2024-27940
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.5. The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could use this vulnerability to compromise the whole database...
CVE-2024-34226
SQL injection vulnerability in /php-sqlite-vms/?page=managevisitor&id=1 in SourceCodester Visitor Management System 1.0 allows attackers to execute arbitrary SQL commands via the id parameter...
CVE-2024-4801
CVE-2024-4801 affects Kashipara College Management System 1.0. The vulnerability is a SQL injection in the address parameter of submit_new_faculty.php, exploitable remotely, with public disclosure of exploits. Multiple sources confirm the affected component path and vulnerability class, and refer...
CVE-2024-32655
Summary of CVE-2024-32655 (Npgsql): The vulnerability arises in the WriteBind() implementation of Npgsql, where int variables used to track the Postgres protocol message length and the sum of parameter lengths overflow when the total exceeds integer capacity. This causes the constructed message ...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...
CVE-2024-31961
A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter...
CVE-2024-31961
Sonic Shopfloor.guide (unit.php) prior to version 3.1.3 is affected by a SQL injection via the level2 parameter, enabling remote attackers to execute arbitrary SQL commands and potentially access/modify data. Root cause: improper handling of the level2 input leading to injection. Affected softwar...
CVE-2024-33409
SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...
CVE-2024-33410
SQL injection vulnerability in /model/deleterangegrade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33403
A SQL injection vulnerability in /model/getevents.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the eventid parameter...
CVE-2024-33408
A SQL injection vulnerability in /model/getclassroom.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...