CVE-2020-24769

NexusPHP 1.5 is vulnerable to SQL injection via takeconfirm.php, parameter 'classes'. Exploitation allows remote attackers to execute arbitrary SQL commands. This is the explicit vulnerability described across CVE-2020-24769 records (NVD, Red Hat, CNVD, CVE list, OSV, CNVD/CNNVD mirrors). Connect...

CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

JFinalOA SQL注入漏洞

JFinalOA is an enterprise office system developed based on the JFinal framework.JFinalOA has a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL statements...

PuneethReddyHC SQL Injection Vulnerability

PuneethReddyHC is an online shopping system. SQL injection vulnerability exists in PuneethReddyHC, which can be exploited by attackers to execute arbitrary SQL statements with the p parameter in product.php...

CVE-2022-26887

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-0923

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerDialogKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

Sql injection

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerTagKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

Sql injection

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-27175 Delta Electronics DIAEnergie SQL Injection in GetCalcTagList

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26666 Delta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26065 Delta Electronics DIAEnergie SQL Injection in GetLatestDemandNode and GetDemandAnalysisData

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26069 Delta Electronics DIAEnergie SQL Injection in HandlerPage_KID.ashx

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerPageKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-25980 Delta Electronics DIAEnergie SQL Injection in HandlerCommon.ashx

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26059 Delta Electronics DIAEnergie SQL Injection in GetQueryData

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

ImpressCMS SQL Injection Vulnerability (CNVD-2022-30802)

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a SQL injection vulnerability that stems from insufficient cleaning of user data passed in the groupps parameter of the...

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27555)

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.Delta Electronics...

Design/Logic Flaw

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...

Authentication flaw

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

CVE-2021-27472 Rockwell Automation FactoryTalk AssetCentre SQL Injection

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...

Sql injection

McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server restricted to...