601 matches found
CVE-2024-11430 SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection
The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvnschart2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...
CVE-2024-51615 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through = 3.7...
Oqiwei Information Technology (Beijing) Co., Ltd. bakuro nebula - digital food service system has SQL injection vulnerability
Oqiwei Information Technology Beijing Co., Ltd. is committed to be a continuous leader of digital solutions in the cloud era. Aoqiwei Information Technology Beijing Co., Ltd. BAKU Nebula - Digital Food Service System has a SQL injection vulnerability, which can be exploited by attackers to obtain...
PT-2024-34402 · Kaso · Kaso
Name of the Vulnerable Software and Affected Versions: KASO version 9.0 Description: A SQL injection issue was discovered via the person id parameter at the "/cardcase/editcard.jsp" API endpoint. This allows for potential exploitation of the database. Recommendations: For KASO version 9.0, consid...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co.
T+ is a new Internet-based business management software. Ltd. A SQL injection vulnerability exists in Changjitong T+, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-2024-41609)
T+ is a new Internet-based business management software. Ltd. A SQL injection vulnerability exists in Changjitong T+, which can be exploited by attackers to obtain sensitive information from the database...
AutoCMS SQL Injection Vulnerability
AutoCMS is a content management system CMS from AutoCMS Open Source. It can help dealerships manage their website content, online advertising, social media and analytics. AutoCMS version 5.4 suffers from a SQL injection vulnerability that originates from the lack of validation of externally enter...
SQL Injection Vulnerability in Intelligent Cloud Gateway Registration Management Platform of Zhejiang Dahua Technology Co.(CNVD-2024-38747)
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A SQL injection vulnerability exists in the Smart Cloud Gateway registration management platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited...
SQL Injection Vulnerability in Enterprise Standardization Management System of R&S Standardization Technical Services (Shanghai) Co.
R&S Standardization Technical Services Shanghai Co. A SQL injection vulnerability exists in the Enterprise Standardization Management System of R&S Standardization Technical Services Shanghai Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Lanling OA of Shenzhen Lanling Software Company Limited (CNVD-2024-35420)
BlueLine OA is an intelligent office product developed by Shenzhen BlueLine Software Co., Ltd, aiming to meet the online needs of enterprises for daily office work, corporate culture, customer management, personnel services, administrative services and so on. SQL injection vulnerability exists in...
Online Student Enrollment System SQL Injection Vulnerability (CNVD-2024-26369)
Online Student Enrollment System is an online student enrollment system by Lyndon Bermoy, an individual developer. A SQL injection vulnerability exists in Online Student Enrollment System version 1.0, which can be exploited by an attacker to view, add, modify, or delete information in the back-en...
SQL Injection Vulnerability in NC Cloud of UFIDA Network Technology Co.
NC Cloud is a large enterprise digitalization platform that supports flexible deployment models of public, hybrid and proprietary clouds. A SQL injection vulnerability exists in NC Cloud of UFIDA Network Technology Corporation, which can be exploited by attackers to obtain sensitive information...
SQL Injection
cacti is vulnerable to SQL injection. The vulnerability is due to insufficient validation of data in the formsave function within graphtemplateinputs.php, which is used to concatenate SQL statements in the drawnontemplatedfieldsgraphitem function fromhtmlformtemplates.php. Attackers can exploit...
RuvarOA tbTable Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the tbTable parameter in the /WebUtility/MF.aspx file against externally entered SQL statements. An attacker can exploit this...
SQL Injection Vulnerability in the Command and Dispatch Management Platform of Fujian Qualicom Communications Co.
Fujian Qualicom Communication Co., Ltd. is a solution provider and service operator focusing on professional communication. A SQL injection vulnerability exists in the Command and Dispatch Management Platform of Fujian Qualicom Communications Co. Ltd, which can be exploited by attackers to obtain...
IBM Aspera SQL Injection Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An SQL injection vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.2, which stems from the application's lack of validation of externally...
Apache Superset SQL Injection Vulnerability (CNVD-2024-26537)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database by sending carefully crafted S...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-25617)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...
CVE-2024-23810
A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...
CVE-2023-48395 Kaifa Technology WebITR - SQL Injection
Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database...