Lucene search
K

183 matches found

CNNVD
CNNVD
added 2024/10/21 12:0 a.m.3 views

Mitel MiCollab SQL注入漏洞

Mitel MiCollab is an enterprise-grade audio, web and video conferencing solution that provides efficient collaboration and communication capabilities. An SQL injection vulnerability exists in Mitel MiCollab, which can be exploited by an attacker to access non-sensitive user configuration...

9.4CVSS8.1AI score0.00458EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/21 12:0 a.m.29 views

CVE-2024-47189

The API Interface of the AWV Audio, Web and Video Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of...

0.004EPSS
Exploits0References1
CVE
CVE
added 2024/10/21 12:0 a.m.58 views

CVE-2024-47223

CVE-2024-47223 affects the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab up to version 9.8 SP1 FP2 (9.8.1.201). The Red Hat/NCSC/PTSecurity and CVE records describe an unauthenticated SQL injection caused by insufficient input sanitization, enabling access to non-sensitive u...

9.4CVSS8.2AI score0.00458EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/01 12:0 a.m.5 views

PT-2024-30645 · Unknown · Easytest Online Test Platform

Name of the Vulnerable Software and Affected Versions: Easytest Online Test Platform versions 24E01 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the cstr parameter in the download class learning course function. This enables attackers to...

9.8CVSS8.7AI score0.00487EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.5 views

WordPress plugin Music Store security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS7.8AI score0.00519EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/06/03 12:0 a.m.5 views

PHPGurukul Online Fire Reporting System 安全漏洞

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from a lack of validation of external input SQL statements in ofrs/admin/index.php. The vulnerability can be exploited by an attacker to...

9.1CVSS8.2AI score0.00607EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/28 12:0 a.m.6 views

Complete Web-Based School Management System 安全漏洞

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the index...

6.5CVSS8AI score0.00426EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/23 12:0 a.m.3 views

Campcodes Complete Web-Based School Management System 安全漏洞

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the name...

9.8CVSS8AI score0.0051EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 4:17 p.m.13 views

CVE-2024-33009

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the...

4.2CVSS5AI score0.0029EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/14 3:58 a.m.14 views

CVE-2024-33009 SQL injection vulnerability in SAP Global Label Management (GLM)

SAP Global Label Management is vulnerable to SQL injection. On exploitation the attacker can use specially crafted inputs to modify database commands resulting in the retrieval of additional information persisted by the system. This could lead to low impact on Confidentiality and Integrity of the...

4.2CVSS7.7AI score0.0029EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.7 views

crmeb_java 安全漏洞

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in versions prior to crmebjava v1.3.4, which stems from the presence of a SQL injection vulnerability that allows an attacker to run arbitrary SQL...

6.5CVSS7.9AI score0.00613EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.5 views

PT-2024-22491 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the admin id parameter in "update-admin.php". This can potentially lead to unauthorized access and manipulation of database...

9.8CVSS7.9AI score0.01229EPSS
Exploits4References6
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.6 views

PT-2024-20066 · Gambio · Gambio

Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...

9.8CVSS7.8AI score0.00629EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2023/12/29 3:15 p.m.9 views

CVE-2023-4675

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

9.8CVSS7.3AI score0.00527EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.4 views

PT-2023-30168

Name of the Vulnerable Software and Affected Versions Talent Software ECOP versions prior to 32255 Description The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection', which allows Command Line Execution through SQL Injection...

9.8CVSS7.5AI score0.00646EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.6 views

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment arises from the use of a field in the ITIL form for submitting requests, which allows an attacker to obtain the administrator’s account information.

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment lies in the use of a input field for ITIL entities in the request form. Exploiting this vulnerability could allow a malicious actor to gain access to the administrator’s account by sending a...

10CVSS7.8AI score0.00899EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/11/13 12:0 a.m.7 views

The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to the improper elimination of special elements used in SQL commands, allows a hacker to gain access to the administrator account.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to the improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow a malicious actor to gain control of the administrator’s account remotely...

10CVSS7.8AI score0.31871EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/11/06 9:15 a.m.4 views

CVE-2023-45830

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12...

9.8CVSS7.3AI score0.0055EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.2 views

PT-2023-24930 · Prestashop +1 · Opartsavecart +1

Name of the Vulnerable Software and Affected Versions: PrestaShop opartsavecart versions through 2.0.7 Description: The issue allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent and...

9.8CVSS9.7AI score0.00745EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.5 views

Nagios XI SQL Injection Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.11.1 and earlier, which originated from a...

7.2CVSS8AI score0.0321EPSS
Exploits0References4
Rows per page
Query Builder