1985 matches found
CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...
CVE-2024-3699 Hardcoded password in drEryk Gabinet
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations. This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0...
CVE-2024-3699
CVE-2024-3699 describes a hard-coded database password used across all drEryk Gabinet installations, allowing retrieval of sensitive patient data. Affected software: drEryk Gabinet versions 7.0.0.0 through 9.17.0.0. According to the available metrics, the vulnerability has a CRITICAL impact (C/H/...
CVE-2024-1228 Hardcoded password in Eurosoft Przychodnia
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 from that version...
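The three entries above share one root cause: a database password baked into the shipped software and identical across every installation, so anyone who extracts it once can read every customer's patient database. The following is an added example, not code from any of the affected products or from this listing. It shows a heuristic scanner that flags credential-like string literals in source (run here over a constructed snippet whose values are invented), and beside it the per-installation alternative of loading the secret from the environment and refusing to start without it. The `PATIENT_DB_PASSWORD` variable name and the `SAMPLE_SOURCE` text are assumptions for illustration.

```python
import os
import re

# Constructed sample source that resembles the pattern in the advisories:
# the same literal password is compiled into every copy of the product.
# These values are invented for illustration, not taken from any product.
SAMPLE_SOURCE = '''\
DB_HOST = "localhost"
DB_USER = "clinic"
DB_PASSWORD = "Sup3rS3cret!"            # same value shipped to every customer
conn_str = "Server=db;Database=patients;User Id=sa;Password=Pa55w0rd;"
api_token = 'AKIAEXAMPLE0000000000'
timeout = 30
'''

# Heuristic patterns: a credential-looking identifier assigned a string
# literal, and password=value pairs inside connection strings. This is a
# review aid, not proof of a vulnerability; expect false positives.
_CREDENTIAL_PATTERNS = [
    re.compile(
        r'''\b(?P<name>\w*(?:pass(?:word|wd)?|secret|token|api_?key)\w*)'''
        r'''\s*=\s*["'](?P<value>[^"']+)["']''',
        re.IGNORECASE,
    ),
    re.compile(r'''(?P<name>password)\s*=\s*(?P<value>[^;"'\s]+)''', re.IGNORECASE),
]


def find_hardcoded_credentials(source):
    """Return (line_number, identifier, literal) for each suspicious literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for pattern in _CREDENTIAL_PATTERNS:
            for match in pattern.finditer(line):
                findings.append((line_no, match.group("name"), match.group("value")))
    return findings


def load_db_password(environ=os.environ):
    """Per-installation secret: read it from the environment (or a secret
    store injected at deploy time) instead of the code, and fail closed
    when it is missing so a misconfigured host never falls back to a
    shared default. PATIENT_DB_PASSWORD is an assumed variable name."""
    value = environ.get("PATIENT_DB_PASSWORD")
    if not value:
        raise RuntimeError("PATIENT_DB_PASSWORD is not set; refusing to start")
    return value


if __name__ == "__main__":
    for line_no, name, value in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"line {line_no}: {name} = {value!r} looks like a hard-coded credential")
```

The scanner is deliberately simple; the point is that a literal password in source is a finding regardless of how it is obfuscated later, because the same value reaches every customer. The loader is the shape a fix takes: the secret is supplied per deployment and the application refuses to run with an empty one.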
CVE-2024-36082
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker...
CVE-2024-36082
CVE-2024-36082 applies to Music Store – WordPress eCommerce. Affected versions are prior to 1.1.14. The vulnerability is an SQL Injection in the plugin’s admin-accessible context, allowing an authenticated attacker with Administrative privileges to execute arbitrary SQL commands, potentially read...
JVN#79213252: WordPress Plugin "Music Store - WordPress eCommerce" vulnerable to SQL injection
WordPress Plugin "Music Store - WordPress eCommerce" provided by CodePeople contains an SQL injection vulnerability CWE-89. Impact A user of the product with the administrator privilege may execute an arbitrary SQL command. Information stored in the database may be obtained or altered by the user...
WP TripAdvisor Review Slider < 12.7 - Authenticated (Administrator+) SQL Injection
Description The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 12.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...
Dino Physics School Assistant SQL Injection Vulnerability
Dino Physics School Assistant is an application. A SQL injection vulnerability exists in Dino Physics School Assistant version 2.3; it originates from unrecognized code in /admin/category/viewcategory.php and leads to SQL injection via the id parameter...
PT-2024-13028 · Ibm · Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 3.5 through 4.8 Description: The issue allows a user with access to the Kubernetes pod to make system calls, compromising the security of containers...
J2EEFAST SysOperLogMapper.xml File SQL Injection Vulnerability
J2eeFAST is a Java EE enterprise-class rapid development platform committed to building the best small and medium-sized open source, free back-end framework platform. J2EEFAST v2.7.0 contains a SQL injection vulnerability that stems from the SysOperLogMapper.xml findPage...
CVE-2024-36049
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This gives attackers in a machine-in-the-middle position read and write access to personal...
CVE-2024-4779
CVE-2024-4779 affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress. It is an SQL Injection via data[post_ids][0] caused by insufficient escaping in the query, exploitable by authenticated attackers with contributor-level access and above. Impact per the entry: ...
PT-2024-31151 · WordPress · The Business Directory Plugin
Name of the Vulnerable Software and Affected Versions: The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress versions up to, and including, 6.4.2 Description: The issue is related to time-based SQL Injection via the listingfields parameter due to insufficient...
CVE-2024-33901
Issue in KeePassXC 2.7.7 allows an attacker who has the privileges of the victim to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs...
CVE-2024-33901
KeePassXC 2.7.7 is affected by CVE-2024-33901: an attacker with the victim’s privileges can recover some passwords stored in the .kdbx database via a memory dump. The vendor disputes the claim, citing unavoidable memory-management constraints in the current design. A Proof-of-Concept repo demonst...
GHSA-RJ3W-99GC-8J58 Laravel Risk of mass-assignment vulnerabilities
Laravel 4.1.29 improves the column quoting for all database drivers. This protects your application from some mass assignment vulnerabilities when not using the fillable property on models. If you are using the fillable property on your models to protect against mass assignment, your application ...
CVE-2024-32042
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered...
CVE-2022-28132
CVE-2022-28132 concerns the T-Soft E-Commerce 4 web application, where an authenticated admin/privileged user can trigger a SQL injection via crafted requests. The vulnerability allows attackers to access and manipulate the database, bypass authentication, view sensitive data, and potentially exf...
CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
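Several of the WordPress entries above (WP TripAdvisor Review Slider, Unlimited Elements, The Business Directory Plugin, LearnPress) describe the same defect in the same words: "insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query". The following added example, which is not code from any of those plugins or from this listing, reproduces that defect against an in-memory SQLite table and contrasts it with a parameterised, type-checked lookup. The table, its rows, the `termid` handling and the two injection payloads are constructed for illustration; SQLite has no SLEEP(), so the time-based variant in the LearnPress entry is not reproduced, but the mechanism (the parameter becoming SQL text) is identical.

```python
import sqlite3


def make_db():
    """Constructed sample data: three reviews, one of which is hidden and
    should never be returned to a caller of the lookup functions."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE reviews (id INTEGER PRIMARY KEY, author TEXT, "
        "rating INTEGER, hidden INTEGER)"
    )
    conn.executemany(
        "INSERT INTO reviews VALUES (?, ?, ?, ?)",
        [(1, "alice", 5, 0), (2, "bob", 3, 0), (3, "mallory-private", 1, 1)],
    )
    return conn


def get_review_vulnerable(conn, termid):
    """The advisory pattern: the user-supplied value is interpolated into
    the SQL text with no escaping and no prepared statement, so anything
    the caller sends becomes part of the query."""
    sql = f"SELECT id, author FROM reviews WHERE hidden = 0 AND id = {termid}"
    return conn.execute(sql).fetchall()


def get_review_fixed(conn, termid):
    """Hardened form: validate the type first (the WordPress equivalent is
    absint() on the request parameter), then bind it as a parameter (the
    equivalent of $wpdb->prepare) so the value can only ever be data."""
    try:
        termid = int(termid)
    except (TypeError, ValueError):
        raise ValueError("termid must be an integer")
    return conn.execute(
        "SELECT id, author FROM reviews WHERE hidden = 0 AND id = ?", (termid,)
    ).fetchall()


# Constructed payloads. The first abuses operator precedence: AND binds
# tighter than OR, so "hidden = 0 AND id = 1 OR 1=1" returns every row,
# hidden ones included. The second appends a UNION to read rows the
# original WHERE clause was meant to exclude.
PAYLOAD_OR = "1 OR 1=1"
PAYLOAD_UNION = "0 UNION SELECT id, author FROM reviews WHERE hidden = 1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, benign input :", get_review_vulnerable(db, "1"))
    print("vulnerable, OR payload   :", get_review_vulnerable(db, PAYLOAD_OR))
    print("vulnerable, UNION payload:", get_review_vulnerable(db, PAYLOAD_UNION))
    print("fixed, benign input      :", get_review_fixed(db, "1"))
    try:
        get_review_fixed(db, PAYLOAD_OR)
    except ValueError as exc:
        print("fixed, OR payload        : rejected,", exc)
```

The authenticated-only entries (Administrator+, Contributor+) change who can reach the sink, not the sink itself; the same two lines of defence apply, and parameter binding alone would already neutralise both payloads because the bound value is compared as a literal rather than parsed as SQL.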