SQL injection
Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
SQL injection
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
SQL injection
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
SQL injection
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
SQL injection
Unauthenticated SQL injection in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27260 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27255 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26584 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26584
CVE-2023-26584 concerns unauthenticated SQL injection in the GetStudentInconsistencies method of IDAttend’s IDWeb application (version 3.1.052 and earlier). The vulnerability can allow extraction or modification of all data by an unauthenticated attacker. Reported CVSS assessments indicate high i...
CVE-2023-26583 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26571 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers...
CVE-2023-26569 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26568 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-5311 WP EXtra <= 6.2 - Missing Authorization to .htaccess File Modification
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the...
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system allows a perpetrator to gain access to read, modify, add, or delete data, or to cause a partial service disruption.
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data, or cause a partial...
PT-2023-26326 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: The issue allows for Export SQL Injection via the size parameter. This enables potential attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification...
The vulnerability of the CORBA software platform component of Oracle Java SE allows a perpetrator to gain read, modify, add, or delete access to data.
The vulnerability of the CORBA software platform of Oracle Java SE is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data remotely...
Authorization
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...