13184 matches found

NVD | added 2024/05/06 6:15 p.m. | 14 views

CVE-2024-33410

SQL injection vulnerability in /model/deleterangegrade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter...

CVSS 8.1 | AI score 8.2 | EPSS 0.00641
Exploits: 1 | References: 2

NVD | added 2024/05/06 6:15 p.m. | 14 views

CVE-2024-33403

A SQL injection vulnerability in /model/getevents.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the eventid parameter...

CVSS 9.8 | AI score 8.1 | EPSS 0.00713
Exploits: 1 | References: 2

Cvelist | added 2024/05/06 12:0 a.m. | 15 views

CVE-2024-33408

A SQL injection vulnerability in /model/getclassroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter...

AI score 8.4 | EPSS 0.00713
Exploits: 1 | References: 2

CVE | added 2024/05/06 12:0 a.m. | 50 views

CVE-2024-33406

CVE-2024-33406 affects Campcodes Complete Web-Based School Management System 1.0. A SQL injection flaw exists in the /model/delete_student_grade_subject.php endpoint, exploitable via the index parameter to execute arbitrary SQL commands. The vulnerability originates from improper handling of user...

CVSS 7.3 | AI score 8.5 | EPSS 0.00434
Exploits: 1 | References: 2 | Affected Software: 1

IBM Security Bulletins | added 2024/04/30 9:45 p.m. | 31 views

Security Bulletin: Vulnerabilities in Apache Commons Compress and PostgreSQL might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details...

CVSS 8.1 | AI score 8.2 | EPSS 0.01465
Exploits: 0 | Affected Software: 1

NVD | added 2024/04/29 8:15 p.m. | 15 views

CVE-2024-33268

SQL Injection vulnerability in Digincube mdgiftproduct before 1.4.1 allows an attacker to run arbitrary SQL commands via the MdGiftRule::addGiftToCart method...

CVSS 9.8 | AI score 7.8 | EPSS 0.00503
Exploits: 0 | References: 1

NVD | added 2024/04/29 8:15 p.m. | 13 views

CVE-2024-33276

SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes method...

CVSS 9.8 | AI score 7.9 | EPSS 0.006
Exploits: 0 | References: 1

Cvelist | added 2024/04/29 6:12 a.m. | 27 views

CVE-2024-33546 WordPress WZone plugin <= 14.0.10 - Arbitrary SQL Update Execution vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10...

CVSS 9.6 | AI score 9.8 | EPSS 0.00529
Exploits: 0 | References: 1

CNNVD | added 2024/04/29 12:0 a.m. | 5 views

PrestaShop SQL injection vulnerability

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image zoom and other features. A SQL injection vulnerability exists in PrestaShop preorderandnotication 3.1.0 and earlier version...

CVSS 9.8 | AI score 8.2 | EPSS 0.006
Exploits: 0 | References: 2

Cvelist | added 2024/04/29 12:0 a.m. | 23 views

CVE-2024-33276

SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes method...

AI score 8.2 | EPSS 0.006
Exploits: 0 | References: 1

CVE | added 2024/04/29 12:0 a.m. | 48 views

CVE-2024-33268

CVE-2024-33268 affects Digincube mdgiftproduct prior to 1.4.1. The root cause is a SQL injection via MdGiftRule::addGiftToCart, enabling an attacker to execute arbitrary SQL commands against the database. Impact is described as high/critical in sources; exploitation details are not provided beyon...

CVSS 9.8 | AI score 8.2 | EPSS 0.00503
Exploits: 0 | References: 1

CVE | added 2024/04/29 12:0 a.m. | 56 views

CVE-2024-33276

CVE-2024-33276 affects the FME Modules preorderandnotication (versions 3.1.0 and earlier). The root cause is a SQL injection in PreorderModel::getIdProductAttributesByIdAttributes(), enabling remote attackers to execute arbitrary SQL commands. Documents do not specify a patch version or concrete ...

CVSS 9.8 | AI score 8.3 | EPSS 0.006
Exploits: 0 | References: 1

Cvelist | added 2024/04/24 2:46 p.m. | 23 views

CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL

Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...

CVSS 5.5 | AI score 5.6 | EPSS 0.00407
Exploits: 0 | References: 1

BDU FSTEC | added 2024/04/19 12:0 a.m. | 5 views

The vulnerability of the /admin/config_Anticrack.php file of the application security gateway, owned by NS-ASG Netentsec, allows a hacker to execute arbitrary SQL queries.

The vulnerability of the /admin/configAnticrack.php file of the application security gateway, NS-ASG Netentsec, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the GroupId...

CVSS 6.5 | AI score 7.2 | EPSS 0.00765
Exploits: 2 | References: 5 | Affected Software: 1

NVD | added 2024/04/17 7:15 p.m. | 12 views

CVE-2024-30990

SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter...

CVSS 9.8 | AI score 8.3 | EPSS 0.00628
Exploits: 1 | References: 1

Vulnrichment | added 2024/04/17 12:0 a.m. | 8 views

CVE-2024-30985

SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters...

AI score 8.7 | EPSS 0.00695
Exploits: 1 | References: 1

NVD | added 2024/04/11 8:15 p.m. | 14 views

CVE-2024-22719

SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...

CVSS 8.1 | AI score 7.9 | EPSS 0.00541
Exploits: 1 | References: 1

Vulnrichment | added 2024/04/11 12:0 a.m. | 14 views

CVE-2024-22719

SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...

AI score 8.3 | EPSS 0.00541
Exploits: 1 | References: 1

CVE | added 2024/04/11 12:0 a.m. | 54 views

CVE-2024-22719

CVE-2024-22719 describes an SQL injection in Form Tools 3.1.1 triggered by the keyword parameter during client search, enabling arbitrary SQL execution. Affected: Form Tools 3.1.1; root cause: unsanitized input in search; impact: high confidentiality/integrity, CVSS v3.1 base = 8.1. Remediation:...

CVSS 8.1 | AI score 8.2 | EPSS 0.00541
Exploits: 1 | References: 1 | Affected Software: 1

NVD | added 2024/04/10 2:15 a.m. | 13 views

CVE-2023-50347

HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...

CVSS 9.8 | AI score 5 | EPSS 0.00557
Exploits: 0 | References: 1