CVE-2023-23630
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...
PT-2025-14916 · Unknown · Eleopard Behance Portfolio Manager
Name of the Vulnerable Software and Affected Versions: eleopard Behance Portfolio Manager versions 1.7.4 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL...
PT-2025-5959 · Stylemixthemes · Ulisting
Name of the Vulnerable Software and Affected Versions: StylemixThemes uListing versions 2.1.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to inject malicious SQL...
PT-2024-36638 · Ydesignservices · Yds Support Ticket System
Name of the Vulnerable Software and Affected Versions: ydesignservices YDS Support Ticket System versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, allowing attackers to execute malicious SQL commands. This is due to the improper neutralization of specia...
PT-2024-36641 · Unknown · Navayan Csv Export
Name of the Vulnerable Software and Affected Versions: Navayan CSV Export versions 1.0.9 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing Blind SQL Injection. This problem enables attackers to inject malicious SQL...
PT-2024-36628 · Unknown · Site Intel
Name of the Vulnerable Software and Affected Versions: Critical Site Intel versions n/a through 1.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for SQL Injection, which can be exploited...
PT-2024-35911 · Unknown · Beaver Builder
Name of the Vulnerable Software and Affected Versions: Beaver Builder versions through 2.8.4.3 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts...
PT-2024-35275 · W3 Eden · W3 Eden
Name of the Vulnerable Software and Affected Versions: W3 Eden, Inc. Premium Packages versions n/a through 5.9.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2024-33578 · WordPress · Duplicate Title Validate
Name of the Vulnerable Software and Affected Versions: Duplicate Title Validate versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, specifically an improper neutralization of special elements used in an SQL command. This allows for Blind SQL Injection,...
PT-2024-32940 · Unknown · Restaurant Reservations Widget
Name of the Vulnerable Software and Affected Versions: Restaurant Reservations Widget versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations:...
PT-2024-30778 · Unknown · Wbw Product Table Pro
Name of the Vulnerable Software and Affected Versions: WBW Product Table PRO versions 1.9.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
PT-2024-40171 · Propel · Propel
Name of the Vulnerable Software and Affected Versions: Propel versions 1.x through 3.x Description: The limit query method in Propel is susceptible to catastrophic SQL injection when used with MySQL. This occurs due to a lack of integer casting of the limit input in either...
PT-2024-25167 · Unknown · Employee Management System
Name of the Vulnerable Software and Affected Versions: Employee Task Management System version 1.0 Description: The issue allows for SQL Injection via the admin-manage-user.php page. Recommendations: For Employee Task Management System version 1.0, consider restricting access to the...
PT-2024-23641 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection, which can be exploited via the "/WebPages/history.php" API endpoint. This allows for potential unauthorized access or manipulation of data. Recommendations: For...
PT-2024-23291
Name of the Vulnerable Software and Affected Versions: Andy Moyle Church Admin versions 4.0.27 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecti...
PT-2024-20749 · Unknown · Maspik – Spam Blacklist
Name of the Vulnerable Software and Affected Versions: Maspik – Spam Blacklist versions 0.10.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject...
PT-2024-20259 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting (XSS) via the "/sys/user" API endpoint. This allows for potential malicious script execution. The estimated number of potentially affected devices worldwid...
PT-2023-30168
Name of the Vulnerable Software and Affected Versions: Talent Software ECOP versions prior to 32255 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection', which allows Command Line Execution through SQL Injection...
PT-2023-31571
Name of the Vulnerable Software and Affected Versions: DRDrive versions prior to 20231006 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For version...
PT-2023-8554 · Unknown · Neshan Maps
Name of the Vulnerable Software and Affected Versions: Neshan Maps versions 1.1.4 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, which allows for SQL injection attacks. This can be exploited by a remote attacker to conduct...