9890 matches found
PT-2023-31469 · Empirecms · Empirecms
Name of the Vulnerable Software and Affected Versions: EmpireCMS version 7.5 Description: The issue is a SQL injection vulnerability. It occurs via the ftppassword parameter at the "SetEnews.php" endpoint. Recommendations: For EmpireCMS version 7.5, consider restricting access to the "SetEnews.ph...
PT-2023-32766 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue affects the function prepare of the file email setup.php. The manipulation of the argument name leads to SQL injection. The exploit has been...
DedeBIZ SQL Injection Vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. DedeBIZ 6.2 version exists SQL injection vulnerability, the vulnerability stems from the file /src/admin/contentbatchupaction.php SQL injection vulnerability...
PT-2023-8845 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.10 Description: The issue is related to the saved search feature in GLPI, which can be used to perform a SQL injection. This allows a remote attacker to execute arbitrary code. The vulnerability is due to the...
Emlog 安全漏洞
emlog is a PHP and MySQL based CMS builder for emlog personal developers. Emlog pro2.1.14 version of a security vulnerability, the vulnerability stems from the uid parameter in /admin/media.php contains SQL injection vulnerability. Attackers can use this vulnerability to gain unauthorized access ...
PT-2023-32734 · Sourcecodester · Sourcecodester Simple Student Attendance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0 Description: A critical vulnerability was found in the SourceCodester Simple Student Attendance System. This issue affects the file ajax-api.php?action=save attendance, where the...
PT-2023-8220 · Unknown · Phpgurukul Nipah Virus Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Nipah Virus Testing Management System version 1.0 Description: A critical vulnerability was found in the PHPGurukul Nipah Virus Testing Management System, affecting the file password-recovery.php. The manipulation of the username...
CVE-2023-6617
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument classid leads to sql injection. The exploit has been disclosed to the public and may b...
SourceCodester Simple Student Attendance System SQL Injection Vulnerability
Simple Student Attendance System is a simple student attendance system. SourceCodester Simple Student Attendance System version 1.0 suffers from a SQL injection vulnerability that originates from a SQL injection vulnerability in the file attendance.php...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. Tongda OA 2017 11.9 and earlier versions have a SQL injection vulnerability that originates from a SQL injection vulnerability in the file pda/pad/email/delete.php...
CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login...
CVE-2023-5761
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 free and versions 1.4.0 to 1.5.0 pro due to insufficient escaping on the user supplied parameter and lack of sufficient...
osCommerce SQL注入漏洞
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. An SQL injection vulnerability exists in osCommerce, which originates from the lack of validation of the parameter estimatecountryid in the file /b2b-supermarket/shopping-cart against externally entered...
Student Information System SQL Injection Vulnerability
Student Information System is a web-based application platform by Carlo Montero, a personal developer. It can help a university or college to manage student information and academic records. Student Information System v1.0 suffers from a SQL injection vulnerability that stems from the presence of...
Baizhuo S210 SQL Injection Vulnerability
Baizhuo S210 is an Internet Behavior Management IBM appliance from Baizhuo, China. Baizhuo S210 suffers from a SQL injection vulnerability, which originates from the parameter txt in the file /Tool/repair.php that can lead to SQL injection...
CVE-2023-46353
In the module "Product Tag Icons Pro" ticons before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
PrestaShop SQL注入漏洞
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the module havi...
WordPress plugin Easy Newsletter Signups security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
SEMCMS Security Breach
SEMCMS is a foreign trade web content management system CMS that supports multiple languages. A security vulnerability exists in SEMCMS version 3.9, which stems from a lack of security checking of input to the application. An attacker can exploit the vulnerability to inject malicious SQL commands...
Library Management System Security Vulnerability
Library Management System is a library management system with QR code for attendance and automatic generation of library card by King Albaracin Personal Developer. A security vulnerability exists in Senayan Library Management Systems 9 Bulian v9.6.1, which stems from vulnerability to SQL injectio...