13181 matches found
CVE-2024-33406
CVE-2024-33406 affects Campcodes Complete Web-Based School Management System 1.0. A SQL injection flaw exists in the /model/delete_student_grade_subject.php endpoint, exploitable via the index parameter to execute arbitrary SQL commands. The vulnerability originates from improper handling of user...
Security Bulletin: Vulnerabilities in Apache Commons Compress and PostgreSQL might affect IBM Storage Copy Data Management
Summary: IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details...
CVE-2024-33276
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes method...
CVE-2024-33268
SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method...
CVE-2024-33546 WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image zoom and other features. A SQL injection vulnerability exists in PrestaShop preorderandnotication 3.1.0 and earlier version...
CVE-2024-33276
CVE-2024-33276 affects the FME Modules preorderandnotication (versions 3.1.0 and earlier). The root cause is a SQL injection in PreorderModel::getIdProductAttributesByIdAttributes(), enabling remote attackers to execute arbitrary SQL commands. Documents do not specify a patch version or concrete ...
CVE-2024-33268
CVE-2024-33268 affects Digincube mdgiftproduct prior to 1.4.1. The root cause is a SQL injection via MdGiftRule::addGiftToCart, enabling an attacker to execute arbitrary SQL commands against the database. Impact is described as high/critical in sources; exploitation details are not provided beyon...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
A vulnerability in the /admin/config_Anticrack.php file of the NS-ASG Netentsec application security gateway allows an attacker to execute arbitrary SQL queries.
The vulnerability in the /admin/config_Anticrack.php file of the NS-ASG Netentsec application security gateway is related to a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the GroupId...
CVE-2024-30990
SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows an attacker to execute arbitrary SQL commands via the "searchdata" parameter...
CVE-2024-30985
SQL Injection vulnerability in the "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows an attacker to execute arbitrary SQL commands via the "todate" and "fromdate" parameters...
CVE-2024-22719
SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...
CVE-2024-22719
CVE-2024-22719 describes an SQL injection in Form Tools 3.1.1 triggered by the keyword parameter during client search, enabling arbitrary SQL execution. Affected: Form Tools 3.1.1; root cause: unsanitized input in search; impact: high confidentiality/integrity, CVSS v3.1 base = 8.1. Remediation:...
CVE-2023-50347
HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...
CVE-2023-50347
CVE-2023-50347: The vulnerability affects HCL DRYiCE MyXalytics, described as an insecure SQL interface that could allow an attacker to execute arbitrary SQL, including changing system configuration. Multiple sources (NVD/NVD-derived records and third-party advisories) corroborate the issue but ...
ROS-20240328-01
A vulnerability in the GLPI asset management and data center management software is related to SQL code injection through the administration of dashboards. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries...
ROS-20240322-03
A vulnerability in the REFRESH MATERIALIZED VIEW CONCURRENTLY function of the PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQ...