1985 matches found
pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection
Description: The pTypeConverter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.2.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers...
SQL injection
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13472)
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which stems from a lack of validation of the printid parameter of itemBillPdf.php against external SQL input, and can be exploited by ...
Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13468)
Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by a lack of validation of the id parameter of the itemeditsubmit.php file against externally entered SQL statements,...
CVE-2023-50862
This CVE affects Travel Website v1.0. The vulnerability is an unauthenticated SQL Injection in the booking.php resource, triggered by the hotelIDHidden parameter where input is not properly validated and is sent unfiltered to the database. Impact is described as high for confidentiality, integrit...
SQL injection
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylisteditsubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49658 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bankdetails' parameter of the partysubmit.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49622 Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the materialbill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database...
PT-2023-31686 · Squirrly · Squirrly Seo - Advanced Pack
Name of the Vulnerable Software and Affected Versions: Squirrly SEO - Advanced Pack versions through 2.3.8 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation by injecting...
My Calendar < 3.4.22 - Unauthenticated SQL Injection
Description: The My Calendar plugin for WordPress is vulnerable to blind|generic|time-based SQL Injection via the 'from' and 'to' parameters of the '/my-calendar/v1/events' rest route in all versions up to, and including, 3.4.21 due to insufficient escaping on the user supplied parameter and lack ...
CVE-2023-48723
CVE-2023-48723 is flagged as withdrawn by the CNA. In the connected PT-2023-30926 entry, the affected software is Student Result Management System v1.0, with an unauthenticated SQL Injection vulnerability in add_results.php where the rno parameter is not validated and is sent unfiltered to the da...
CVE-2023-48717
The connected document PT-2023-30920 documents an unauthenticated SQL Injection in Student Result Management System (SRMS) v1.0. The flaw is in add_classes.php where the class name parameter is not validated or filtered, and input is sent unfiltered to the database, enabling SQL injection. This c...
CVE-2023-45125
The CVE entry CVE-2023-45125 is connected to PT-2023-29424, which describes an Authenticated SQL Injection in Online Examination System version 1.0. The vulnerability arises because the time parameter in update.php is not validated and is sent unfiltered to the database. Impact is not detailed be...
WordPress Plugin Soledad SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Soledad...
CVE-2023-48372
The CVE-2023-48372 entry pertains to ITPison OMICARD EDM. The SMS-related function has insufficient input validation, enabling an unauthenticated remote attacker to inject arbitrary SQL commands to access, modify, and delete database data. This is described across multiple connected records (NVD/...
SQL injection
An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1...
CVE-2023-49934
CVE-2023-49934 concerns Slurm 23.11.x where an SQL injection against the SlurmDBD database is possible. The issue affects SlurmDBD processing and is mitigated by upgrading to Slurm 23.11.1, which contains the fix. The NVD metrics indicate a critical impact (CVSS v3.1: CVSS:3.1, AV:N/AC:L/PR:N/UI:...
CVE-2023-41120
An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...
WordPress Bravo Translate 1.2 SQL Injection Vulnerability
Exploit Title: WP Plugins Bravo Translate = 1.2 - SQL Injection; Exploit Author: Arvandy; Software Link: https://wordpress.org/plugins/bravo-translate/; Version: 1.2; Tested on: Windows, Linux; CVE: CVE-2023-49161; Product Description: This plugin allows you to translate your monolingual website in a sup...
CVE-2023-5869
CVE-2023-5869 (PostgreSQL): A flaw in PostgreSQL enables authenticated database users to execute arbitrary code via missing overflow checks during SQL array value modification, caused by an integer overflow when modifying arrays. The described impact includes arbitrary write/read of memory and p...