1128 matches found

CNNVD
added 2024/11/28 12:0 a.m. | views: 1

Code-Projects Responsive Hotel Site Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter troom of file /admin/room.php. An attacker can exploit this vulnerability to execute...

CVSS 8.8 | AI score 8.1 | EPSS 0.00053
Exploits: 1 | References: 5

CNNVD
added 2024/11/25 12:0 a.m. | views: 2

Devolutions Remote Desktop Manager Security Vulnerability

Devolutions Remote Desktop Manager is an application from Devolutions Canada Inc. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2024.3.17 and prior versions, which stems from incorrect authentication in SQL data...

CVSS 5.4 | AI score 7.7 | EPSS 0.00112
Exploits: 0 | References: 1

CNNVD
added 2024/11/15 12:0 a.m. | views: 1

Code-Projects Inventory Management System Injection Vulnerability

Inventory Management is an inventory management system. Inventory Management suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the id parameter of the /model/editProduct.php file. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 8.1 | EPSS 0.00112
Exploits: 1 | References: 5

CNVD
added 2024/11/13 12:0 a.m. | views: 4

Moodle SQL Injection Vulnerability (CNVD-2024-44850)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements i...

CVSS 7.2 | AI score 7.7 | EPSS 0.00496
Exploits: 0 | References: 1

OSV
added 2024/09/18 6:15 a.m. | views: 2

CVE-2024-42404

SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database...

CVSS 8.8 | AI score 5.9
Exploits: 0 | References: 2

CNNVD
added 2024/08/29 12:0 a.m. | views: 1

SportsNET SQL Injection Vulnerability

SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...

CVSS 9.8 | AI score 7.7 | EPSS 0.00188
Exploits: 0 | References: 2

Positive Technologies
added 2024/08/29 12:0 a.m. | views: 3

PT-2024-38944 · Gether Technology · 6Shr System

Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology (affected versions not specified). Description: The 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL...

CVSS 8.8 | AI score 7.9 | EPSS 0.02589
Exploits: 0 | References: 11

CNVD
added 2024/08/23 12:0 a.m. | views: 5

Kashipara Music Management System SQL Injection Vulnerability

Kashipara Music Management System is a music management system from Kashipara. A SQL injection vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of validation of the "id" parameter of /music/viewuser.php against external SQL input, and can be exploited...

CVSS 8.8 | AI score 7.9 | EPSS 0.00188
Exploits: 1 | References: 1

CNVD
added 2024/08/23 12:0 a.m. | views: 4

Kashipara Music Management System SQL Injection Vulnerability (CNVD-2024-37435)

Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the search parameter of /music/ajax.php?action=findmusic against external SQL input,...

CVSS 9.8 | AI score 7.8 | EPSS 0.00133
Exploits: 1 | References: 1

CNNVD
added 2024/08/20 12:0 a.m. | views: 1

WordPress plugin Contact Form by Bit Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

CVSS 7.2 | AI score 6.2 | EPSS 0.00694
Exploits: 0 | References: 3

OSV
added 2024/08/02 4:17 a.m. | views: 2

CVE-2024-38482

CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive...

CVSS 7.2 | AI score 5.9 | EPSS 0.00469
Exploits: 0 | References: 1

CNVD
added 2024/07/19 12:0 a.m. | views: 5

Computer Laboratory Management System SQL Injection Vulnerability

Computer Laboratory Management System is a computerized laboratory management system. A SQL injection vulnerability exists in Computer Laboratory Management System version 1.0 due to a lack of validation of externally entered SQL statements in the parameter id. An attacker can exploit this...

CVSS 9.8 | AI score 7.9 | EPSS 0.00465
Exploits: 1 | References: 1

CNVD
added 2024/07/19 12:0 a.m. | views: 6

Mini-Tmall SQL Injection Vulnerability

Mini-Tmall is a Spring Boot-based mini Tmall mall application that is quick to deploy and run and suitable for use as a compact template. A SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

CVSS 7.3 | AI score 7.8 | EPSS 0.00071
Exploits: 0 | References: 1

CNNVD
added 2024/07/15 12:0 a.m. | views: 1

Broadcom Symantec Privileged Access Management Security Vulnerability

Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...

CVSS 8.4 | AI score 7.4 | EPSS 0.00094
Exploits: 0 | References: 2

CNVD
added 2024/05/30 12:0 a.m. | views: 3

SAP Global Label Management SQL Injection Vulnerability

SAP Global Label Management is a global label management system from SAP. SAP Global Label Management suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal S...

CVSS 4.2 | AI score 7.8 | EPSS 0.00084
Exploits: 0 | References: 1

CNVD
added 2024/05/27 12:0 a.m. | views: 5

J2EEFAST SysTenantMapper.xml file SQL injection vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open source free back-end framework platform. J2EEFAST v2.7.0 contains a SQL injection vulnerability; the vulnerability stems from the SysTenantMapper.xml findPage...

CVSS 9.8 | AI score 8 | EPSS 0.00122
Exploits: 0 | References: 1

CNVD
added 2024/05/27 12:0 a.m. | views: 5

J2EEFAST ProcessDefinitionMapper.xml File SQL Injection Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open source free back-end framework platform. J2EEFAST v2.7.0 contains a SQL injection vulnerability; the vulnerability stems from ProcessDefinitionMapper.xml findPag...

CVSS 5.4 | AI score 8 | EPSS 0.00099
Exploits: 0 | References: 1

CNVD
added 2024/05/27 12:0 a.m. | views: 5

J2EEFAST SysLoginInfoMapper.xml File SQL Injection Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open source free back-end framework platform. J2EEFAST v2.7.0 contains a SQL injection vulnerability; the vulnerability stems from the SysLoginInfoMapper.xml findPage...

CVSS 8.8 | AI score 8 | EPSS 0.00122
Exploits: 0 | References: 1

CNVD
added 2024/05/27 12:0 a.m. | views: 4

J2EEFAST SysMsgPushMapper.xml File SQL Injection Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform, committed to building the best small and medium-sized open source free back-end framework platform. J2EEFAST v2.7.0 contains a SQL injection vulnerability; the vulnerability stems from SysMsgPushMapper.xml findPage...

CVSS 9.8 | AI score 8 | EPSS 0.00122
Exploits: 0 | References: 1

CNVD
added 2024/05/10 12:0 a.m. | views: 8

RuvarOA office_missive_id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the officemissiveid parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...

CVSS 9.4 | AI score 8 | EPSS 0.0008
Exploits: 1 | References: 1