39 matches found
Snipe-IT 跨站脚本漏洞
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from unescaped notes columns, which could lead to cross-site scripting attacks...
PT-2026-6102
Name of the Vulnerable Software and Affected Versions GLPI versions 0.85 through 10.0.22 Description GLPI is an asset and IT management software package. An authenticated user can perform a SQL injection. This allows for potential unauthorized access or modification of data within the system...
EUVD-2025-203855
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...
CVE-2025-1797 Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System anyUserBoundHouse.php sql injection
A vulnerability, which was classified as critical, has been found in Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System up to 20250217. Affected by this issue is some unknown functionality of the file /wuser/anyUserBoundHouse.php. The manipulation of the...
Zhonghe Baiyi Baiyiyun Asset Management and Operations System 注入漏洞
Zhonghe Baiyi Baiyiyun Asset Management and Operations System is an asset management and operations system of Zhonghe Baiyi, a Chinese company. An injection vulnerability exists in Zhonghe Baiyi Baiyiyun Asset Management and Operations System 20250217 and prior versions, which stems from SQL...
CVE-2025-1535
A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack...
CVE-2025-1464
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument projectid leads to sql injection. The attack may be...
CVE-2025-1535 Baiyi Cloud Asset Management System admin.ticket.close.php sql injection
A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack...
CVE-2025-1535 Baiyi Cloud Asset Management System admin.ticket.close.php sql injection
A vulnerability was found in Baiyi Cloud Asset Management System 8.142.100.161. It has been classified as critical. This affects an unknown part of the file /wuser/admin.ticket.close.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack...
Baiyi Cloud Asset Management System 注入漏洞
Baiyi Cloud Asset Management System is a cloud asset management system from Baiyi Corporation. An injection vulnerability exists in Baiyi Cloud Asset Management System version 8.142.100.161, which is caused by SQL injection of the parameter ticketid...
CVE-2025-1464
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument projectid leads to sql injection. The attack may be...
CVE-2025-1464 Baiyi Cloud Asset Management System admin.house.collect.php sql injection
A vulnerability, which was classified as critical, has been found in Baiyi Cloud Asset Management System up to 20250204. This issue affects some unknown processing of the file /wuser/admin.house.collect.php. The manipulation of the argument projectid leads to sql injection. The attack may be...
The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the lack of measures taken to protect the website structure, allows a malicious attacker to carry out XSS attacks.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows a perpetrator to execute arbitrary code.
The vulnerability of the GLPI system for handling requests and incidents is related to the improper elimination of input data during the generation of the web page. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the GLPI reports’ reporting system, related to improper handling of input data during the generation of web pages used in SQL commands, allows attackers to carry out XSS attacks.
The vulnerability of the GLPI reports plugin relates to the proper neutralization of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially crafted website...
The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows a perpetrator to execute arbitrary code.
The vulnerability of the GLPI system for handling requests and incidents is related to incorrect neutralization of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted RTF format data...
Exploit for SQL Injection in Projectworlds Asset_Management_System_Project_In_Php
CVE-2023-43144 Description Assets Management System 1.0 is...
CVE-2023-43014
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...
CVE-2023-43014
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...
Sql injection
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'firstname' and 'lastname' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents...