Lucene search
K

601 matches found

Cvelist
Cvelist
added 2024/12/12 3:23 a.m.39 views

CVE-2024-11430 SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection

The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvnschart2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...

6.5CVSS0.00531EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/06 1:7 p.m.22 views

CVE-2024-51615 WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through = 3.7...

9.3CVSS7.3AI score0.00449EPSS
Exploits0References1
CNVD
CNVD
added 2024/11/27 12:0 a.m.4 views

Oqiwei Information Technology (Beijing) Co., Ltd. bakuro nebula - digital food service system has SQL injection vulnerability

Oqiwei Information Technology Beijing Co., Ltd. is committed to be a continuous leader of digital solutions in the cloud era. Aoqiwei Information Technology Beijing Co., Ltd. BAKU Nebula - Digital Food Service System has a SQL injection vulnerability, which can be exploited by attackers to obtain...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.5 views

PT-2024-34402 · Kaso · Kaso

Name of the Vulnerable Software and Affected Versions: KASO version 9.0 Description: A SQL injection issue was discovered via the person id parameter at the "/cardcase/editcard.jsp" API endpoint. This allows for potential exploitation of the database. Recommendations: For KASO version 9.0, consid...

9.8CVSS7.9AI score0.00421EPSS
Exploits0References5
CNVD
CNVD
added 2024/10/28 12:0 a.m.1 views

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co.

T+ is a new Internet-based business management software. Ltd. A SQL injection vulnerability exists in Changjitong T+, which can be exploited by attackers to obtain sensitive information from the database...

7.5AI score
Exploits0
CNVD
CNVD
added 2024/09/13 12:0 a.m.2 views

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-2024-41609)

T+ is a new Internet-based business management software. Ltd. A SQL injection vulnerability exists in Changjitong T+, which can be exploited by attackers to obtain sensitive information from the database...

7.5AI score
Exploits0
CNVD
CNVD
added 2024/09/11 12:0 a.m.9 views

AutoCMS SQL Injection Vulnerability

AutoCMS is a content management system CMS from AutoCMS Open Source. It can help dealerships manage their website content, online advertising, social media and analytics. AutoCMS version 5.4 suffers from a SQL injection vulnerability that originates from the lack of validation of externally enter...

7.2CVSS7.9AI score0.00471EPSS
Exploits1References1
CNVD
CNVD
added 2024/08/19 12:0 a.m.21 views

SQL Injection Vulnerability in Intelligent Cloud Gateway Registration Management Platform of Zhejiang Dahua Technology Co.(CNVD-2024-38747)

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A SQL injection vulnerability exists in the Smart Cloud Gateway registration management platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited...

7.5AI score
In wildExploits0
CNVD
CNVD
added 2024/08/14 12:0 a.m.2 views

SQL Injection Vulnerability in Enterprise Standardization Management System of R&S Standardization Technical Services (Shanghai) Co.

R&S Standardization Technical Services Shanghai Co. A SQL injection vulnerability exists in the Enterprise Standardization Management System of R&S Standardization Technical Services Shanghai Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

7.5AI score
Exploits0
CNVD
CNVD
added 2024/07/16 12:0 a.m.7 views

SQL Injection Vulnerability in Lanling OA of Shenzhen Lanling Software Company Limited (CNVD-2024-35420)

BlueLine OA is an intelligent office product developed by Shenzhen BlueLine Software Co., Ltd, aiming to meet the online needs of enterprises for daily office work, corporate culture, customer management, personnel services, administrative services and so on. SQL injection vulnerability exists in...

7.6AI score
Exploits0
CNVD
CNVD
added 2024/05/28 12:0 a.m.9 views

Online Student Enrollment System SQL Injection Vulnerability (CNVD-2024-26369)

Online Student Enrollment System is an online student enrollment system by Lyndon Bermoy, an individual developer. A SQL injection vulnerability exists in Online Student Enrollment System version 1.0, which can be exploited by an attacker to view, add, modify, or delete information in the back-en...

8.8CVSS7.5AI score0.00545EPSS
Exploits1References1
CNVD
CNVD
added 2024/05/22 12:0 a.m.4 views

SQL Injection Vulnerability in NC Cloud of UFIDA Network Technology Co.

NC Cloud is a large enterprise digitalization platform that supports flexible deployment models of public, hybrid and proprietary clouds. A SQL injection vulnerability exists in NC Cloud of UFIDA Network Technology Corporation, which can be exploited by attackers to obtain sensitive information...

7.5AI score
Exploits0
Veracode
Veracode
added 2024/05/20 2:41 a.m.9 views

SQL Injection

cacti is vulnerable to SQL injection. The vulnerability is due to insufficient validation of data in the formsave function within graphtemplateinputs.php, which is used to concatenate SQL statements in the drawnontemplatedfieldsgraphitem function fromhtmlformtemplates.php. Attackers can exploit...

8CVSS7.9AI score0.12602EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2024/05/10 12:0 a.m.7 views

RuvarOA tbTable Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the tbTable parameter in the /WebUtility/MF.aspx file against externally entered SQL statements. An attacker can exploit this...

9.8CVSS8AI score0.00696EPSS
Exploits1References1
CNVD
CNVD
added 2024/04/22 12:0 a.m.3 views

SQL Injection Vulnerability in the Command and Dispatch Management Platform of Fujian Qualicom Communications Co.

Fujian Qualicom Communication Co., Ltd. is a solution provider and service operator focusing on professional communication. A SQL injection vulnerability exists in the Command and Dispatch Management Platform of Fujian Qualicom Communications Co. Ltd, which can be exploited by attackers to obtain...

7.6AI score
Exploits0
CNVD
CNVD
added 2024/03/14 12:0 a.m.8 views

IBM Aspera SQL Injection Vulnerability

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An SQL injection vulnerability exists in IBM Aspera Console versions 3.4.0 through 3.4.2, which stems from the application's lack of validation of externally...

9.1CVSS7.2AI score0.00533EPSS
Exploits0References1
CNVD
CNVD
added 2024/03/06 12:0 a.m.25 views

Apache Superset SQL Injection Vulnerability (CNVD-2024-26537)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database by sending carefully crafted S...

6.5CVSS7.3AI score0.00773EPSS
Exploits0References1
CNVD
CNVD
added 2024/02/22 12:0 a.m.10 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-25617)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...

4.9CVSS6.8AI score0.00881EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/13 9:0 a.m.7 views

CVE-2024-23810

A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...

8.8CVSS9.8AI score0.00654EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/15 9:27 a.m.9 views

CVE-2023-48395 Kaifa Technology WebITR - SQL Injection

Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database...

6.5CVSS7.7AI score0.00709EPSS
Exploits0References1
Rows per page
Query Builder