13181 matches found

GithubExploit
added 2024/01/11 5:14 p.m. · 48 views

Exploit for Code Injection in Oretnom23 Simple_Student_Attendance_System

CVE-2023-51801 Simple Student Attendance System v.1.0 - Mult...

CVSS 9.8 · AI score 10 · EPSS 0.01182
Exploits 2
Positive Technologies
added 2024/01/10 12:00 a.m. · 3 views

PT-2024-2986 · Grafana +1

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 776
Description: The issue is related to an SQL Injection vulnerability, which allows for improper neutralization of special elements used in an SQL command. This vulnerability affects the Grafana module,...

CVSS 9.4 · AI score 8.3 · EPSS 0.00339
Exploits 0 · References 7
Vulnrichment
added 2024/01/09 1:33 a.m. · 4 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

CVSS 9.6 · AI score 9.1 · EPSS 0.0997
Exploits 0 · References 1
Cvelist
added 2024/01/09 1:33 a.m. · 21 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

CVSS 9.6 · AI score 9.4 · EPSS 0.0997
Exploits 0 · References 1
CNNVD
added 2024/01/07 12:00 a.m. · 3 views

Kashipara Food Management System SQL Injection Vulnerability

Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the parameter itemype in the stockentrysubmit.php file for externally entered SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.00628
Exploits 1 · References 2
OSV
added 2023/12/29 12:15 p.m. · 2 views

CVE-2023-44088

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774...

CVSS 8.8 · AI score 5.8 · EPSS 0.0073
Exploits 2 · References 1
Vulnrichment
added 2023/12/29 11:48 a.m. · 5 views

CVE-2023-44088 SQL Injection in Visual Console

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774...

CVSS 5.9 · AI score 9 · EPSS 0.0073
Exploits 2 · References 1
Prion
added 2023/12/22 5:15 p.m. · 31 views

Design/Logic Flaw

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the pollers.php script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the pollers.php. Impact of...

CVSS 6.5 · AI score 8.3 · EPSS 0.84628
Exploits 4 · References 3 · Affected Software 1
Positive Technologies
added 2023/12/22 12:00 a.m. · 19 views

PT-2024-12: SQL Injection in Cacti

The vulnerability was identified in Cacti version 1.2.25 and below. It allows execution of arbitrary SQL code. The vulnerability can be exploited by an authorized user using the vulnerable component pollers.php.
Vulnerability status: Confirmed by vendor
Date of vulnerability detection: 22.12.2023...

CVSS 8.8 · AI score 7.9 · EPSS 0.84628
Exploits 4 · References 1
Positive Technologies
added 2023/12/22 12:00 a.m. · 3 views

PT-2023-8525 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions 1.2.25 and prior
Description: The issue is related to a lack of protection in the SQL query structure of the Cacti network monitoring tool, specifically in the pollers.php script. This allows an authorized user to execute...

CVSS 10 · AI score 7.2 · EPSS 0.99826
Exploits 141 · References 213
NVD
added 2023/12/20 7:15 p.m. · 20 views

CVE-2023-47990

SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...

CVSS 9.8 · EPSS 0.0078
Exploits 1 · References 1
Veracode
added 2023/12/20 6:51 a.m. · 19 views

SQL Injection

Apache Superset is vulnerable to SQL Injection. The vulnerability is due to improper user input validation and sanitization in the wherein JINJA macro. This issue can be exploited by an attacker by injecting a quote within the JINJA macro resulting in the execution of arbitrary SQL statements...

CVSS 8.8 · AI score 7.5 · EPSS 0.01178
Exploits 0 · References 5 · Affected Software 1
Vulnrichment
added 2023/12/20 12:00 a.m. · 12 views

CVE-2023-47990

SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...

AI score 9.9 · EPSS 0.0078
Exploits 1 · References 1
Positive Technologies
added 2023/12/20 12:00 a.m. · 3 views

PT-2023-30663 · Cuppacms

Name of the Vulnerable Software and Affected Versions: CuppaCMS version V1.0
Description: The issue allows attackers to run arbitrary SQL commands via the table parameter in the components/tablemanager/html/editadmintable.php file. This can be exploited by sending malicious input to the affect...

CVSS 9.8 · AI score 7.5 · EPSS 0.0078
Exploits 1 · References 5
Cvelist
added 2023/12/15 9:27 a.m. · 15 views

CVE-2023-48395 Kaifa Technology WebITR - SQL Injection

Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database...

CVSS 6.5 · AI score 7 · EPSS 0.00709
Exploits 0 · References 1
Cvelist
added 2023/12/15 4:18 a.m. · 23 views

CVE-2023-48372 ITPison OMICARD EDM's SMS - SQL Injection

ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

CVSS 9.8 · AI score 10 · EPSS 0.01062
Exploits 0 · References 1
Prion
added 2023/12/08 1:15 a.m. · 13 views

SQL injection

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...

CVSS 6.5 · AI score 8.6 · EPSS 0.00687
Exploits 0 · References 2 · Affected Software 6
Cvelist
added 2023/12/08 12:00 a.m. · 13 views

CVE-2023-43743

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...

AI score 9.1 · EPSS 0.00687
Exploits 0 · References 2
Cvelist
added 2023/11/20 4:47 a.m. · 17 views

CVE-2023-46700

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database...

AI score 10 · EPSS 0.0103
Exploits 0 · References 4
Vulnrichment
added 2023/11/20 4:47 a.m. · 15 views

CVE-2023-46700

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M MySQL version and LuxCal Web Calendar prior to 5.2.4L SQLite version allows a remote unauthenticated attacker to execute an arbitrary SQL command by sending a crafted request, and obtain or alter information stored in the database...

AI score 7.9 · EPSS 0.0103
Exploits 0 · References 4