96 matches found
CVE-2024-5314
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...
CVE-2024-5315 Multiple vulnerabilities in DOLIBARR's ERP CMS
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in...
CVE-2024-5315 Multiple vulnerabilities in DOLIBARR's ERP CMS
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in...
CVE-2024-5315
Dolibarr ERP/CRM (Dolibarr) - SQL Injection (CVE-2024-5315) affects version 9.0.1 and is triggered via viewstatut in /dolibarr/commande/list.php. Root cause: improper handling of input in the SQL query framework allows remote attackers to craft input that alters the query, leading to data disclos...
CVE-2024-5314 Multiple vulnerabilities in DOLIBARR's ERP CMS
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...
CVE-2024-5314 Multiple vulnerabilities in DOLIBARR's ERP CMS
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...
CVE-2024-5314 Multiple vulnerabilities in DOLIBARR's ERP CMS
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...
CVE-2024-4826
CVE-2024-4826 : SQL injection in the open-source PHP Shopping Cart (version 0.9) due to improper sanitisation of the category_id parameter in category.php. The issue enables an attacker to exfiltrate data from the database. CVSS metrics in the sources show a CRITICAL impact (CVSS v3.1/AV:N/AC:L/P...
CVE-2024-4824
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...
CVE-2024-4824 SQL Injection in School ERP Pro+Responsive by AROX SOLUTION
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/officeadmin/' index in the parameters groupsid, examname, classesid, esvoucherid, esclass, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and...
CVE-2024-4824
CVE-2024-4824 affects School ERP Pro+Responsive 1.0. The vulnerability is an SQL injection in the /SchoolERP/office_admin/ page via parameters such as groups_id, examname, classes_id, es_voucherid, es_class, etc., allowing a remote attacker to execute crafted queries and potentially retrieve all ...
CVE-2024-4466
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database...
CVE-2024-4466
CVE-2024-4466 describes a SQL injection in Gescen on the centrosdigitales.net platform. The vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all data from the database, indicating a data confidentiality and integrity impact. The PT-2024-312...
CVE-2024-4466 SQL injection vulnerability in Gescen
SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database...
CVE-2024-3704
OpenGnsys
CVE-2024-2723
SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query...
CVE-2024-2723
SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query...
CVE-2024-2723
CVE-2024-2723 is a SQL injection in the CIGESv2 system, exploited via the /ajaxSubServicios.php endpoint’s idServicio parameter. This allows a remote attacker to retrieve all data stored in the database. No exploitation details are provided in the documents. Some sources note no public fix inform...
CVE-2024-2586 SQL injection vulnerability in AMSS++
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2024-1301
SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...