38 matches found
EUVD-2018-21932
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...
EUVD-2018-21917
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...
CVE-2019-25690
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...
CVE-2019-25493 Homey BNB V4 SQL Injection via getrecord.php
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
EUVD-2025-203388
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...
EUVD-2023-33632
Malicious code in bioql PyPI...
EUVD-2024-44372
Malicious code in bioql PyPI...
MyBatis-Plus Security Vulnerability
MyBatis-Plus is an open source toolkit from Baomidou. A security vulnerability exists in MyBatis-Plus versions prior to 3.5.6, which stems from the presence of a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain database information via Boolean blind injection...
CVE-2022-4166
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive informati...
CVE-2022-22494
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940...
SQL Injection Vulnerability in SEACMS v10.9
SEACMS (Ocean CMS, Ocean Movie Management System) is a video-on-demand system built on a PHP + MySQL architecture and designed for the different needs of webmasters. A SQL injection vulnerability exists in SEACMS v10.9, which can be exploited by attackers to obtain sensitive database...
YouDianCMS suffers from SQL injection vulnerability (CNVD-2020-56375)
YouDianCMS combines a desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open-source five-in-one site solution. YouDianCMS has a SQL injection vulnerability; attackers can use the vulnerability to obtain databas...
JeeSite of Jinan Zhuoyuan Software Co., Ltd. suffers from SQL injection vulnerability (CNVD-2020-57094)
JeeSite is an enterprise information technology development infrastructure platform and an open-source framework for Java enterprise applications. JeeSite by Jinan Zhuoyuan Software Co., Ltd. suffers from a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive information i...
MKCMS suffers from SQL injection vulnerability (CNVD-2020-33189)
MKCMS is a film and television management system that supports independent modification; users can upload it directly to a server to generate a website platform, and can add and modify items in the backend, and so on. MKCMS has a SQL injection vulnerability; attackers can use the vulnerability to obtain...
SQL Injection Vulnerability in Ocean CMS Backend (CNVD-2020-33129)
Ocean CMS is a web content management system based on PHP+MYSQL architecture that can run across platforms. Ocean CMS has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Jinwei Smart Restaurant (CNVD-2020-31418)
Jinwei Smart Restaurant is free restaurant management software. It is suitable for restaurants of all sizes, as well as fast food, Chinese food, Western food, hot pot restaurants and other kinds of catering businesses. Jinwei Smart Restaurant has a SQL injection vulnerability...
SQL injection vulnerability in Kaiping Lianke Network Technology website building system
Kaiping Lianke Network, founded in 2005, is a company whose main business is website construction, website promotion, speedy software, bathroom ERP management software and WeChat marketing. SQL injection exists in Kaiping Lianke Network Technology website building system. Attackers can use this vulnerability...
SQL Injection Vulnerability in UQCMS Cloud Business System
UQCMS cloud business system is B2B2C e-commerce software written in PHP + MySQL, with templates based on the Smarty template engine. The ca.class.php page of the UQCMS cloud business system has a SQL injection vulnerability; an attacker can use the vulnerability to obtain sensitive database information...
ZZZphp sa***.php page sl*** parameter has SQL injection vulnerability
ZZZphp is a free, open-source site-building system based on PHP and MySQL. The sl parameter of the ZZZphp sa.php page has a SQL injection vulnerability; an attacker can use the vulnerability to obtain sensitive database information...
SQL injection vulnerability in emlog backend na***.php page
Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. A SQL injection vulnerability exists in the backend na.php page of emlog, which can be exploited by attackers to obtain sensitive database information...