feathers-sequelize contains improper input validation leading to SQL injection
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used...
SQL injection
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php...
CVE-2022-40824
CodeIgniter
CVE-2022-40835
CVE-2022-40835 refers to a SQL injection issue in CodeIgniter <= 3.1.13, via the file system/database/DB_query_builder.php. The vulnerability is described as affecting CodeIgniter’s CodeIgniter framework versions up to 3.1.13, with a root cause tied to the DB_query_builder component. The CVE e...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and the URL of the database. This flaw allows an attacker to supply a URL that loads code from another server, causing remote code execution. This issue is exploited...
Online Tours
Online Tours & Travels Management System is an online travel management system developed by Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System v1.0, which originates in /admin/up booking.php, where a parameter lacks validation of externally supplied input used in SQL statements. An...
Online Tours & Travels Management System update_expense_category.php SQL Injection Vulnerability
Online Tours & Travels Management System is an online travel management system by the personal developer Mayuri K. A SQL injection vulnerability exists in Online Tours & Travels Management System version v1.0 due to a lack of validation of the id parameter in its /admin/update_expense_category.php...
Online Leave Management System Master.php?f=delete_designation SQL Injection Vulnerability
Online Leave Management System is an online leave management system. A SQL injection vulnerability exists in Online Leave Management System v1.0, which originates in /leavesystem/classes/Master.php?f=delete_designation, where externally supplied input used in SQL statements lacks validation. An attacker could use this...
Wedding Planner select.php SQL Injection Vulnerability
Wedding Planner is a wedding planner project, designed to provide users with an easy way to plan their wedding through a web application while using real data. Wedding Planner v1.0 is vulnerable to a SQL injection vulnerability that stems from a missing validation of externally entered SQL...
WordPress plugin BadgeOS SQL Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
CVE-2022-26959
CVE-2022-26959 describes two full Blind/Time-based SQL injection vulnerabilities in Northstar Club Management v6.3. The flaws affect: (1) processlogin.jsp in /northstar/Portal/ via the userName parameter, and (2) login.jsp in /northstar/iphone/ via the userID parameter. Exploitation could grant f...
Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11173)
Ingredients Stock Management System is an ingredient stock management system from the personal developer Carlo Montero. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the lack of validation of the month parameter at /admin/?page= The...
CVE-2022-35198
The CVE-2022-35198 entry concerns Contract Management System v2.0 with a weak default password that can expose database connection information. This vulnerability is supported by multiple connected records noting the same issue, including a High severity CVSS 3.1 score (7.5), attack vector networ...
Simple E-Learning System SQL Injection Vulnerability (CNVD-2023-11442)
Simple E-Learning System is a simple e-learning system from the personal developer Carlo Montero. Simple E-Learning System is vulnerable to SQL injection, which stems from the lack of validation of external input used in SQL statements for the postid parameter. An attacker could use this vulnerability to...
Pharmacy Management System editbrand.php SQL Injection Vulnerability
Pharmacy Management System MPMS is a multilingual pharmacy management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from a lack of validation of external input used in SQL statements in the id parameter of editbrand.php. ...
Pharmacy Management System editproduct.php SQL Injection Vulnerability
Pharmacy Management System MPMS is a multilingual pharmacy management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from a lack of validation of external input used in SQL statements in the id parameter of editproduct.php...
For months, JusTalk messages were accessible to everyone on the Internet
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months. According to security researcher Anurag Sen, who discovered the open database, the messages were stored unencrypted,...
WordPress Social Share Buttons SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Social Share Buttons 2.2.3 and prior versions, which stems from the application's lack of...
CVE-2022-32456
Digiwin BPM's function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify or delete the database, or disrupt service...
CVE-2022-24691
CVE-2022-24691 affects DSK DSKNet 2.16.136.0 and 2.17.136.5. The vulnerability is a blind boolean-based SQL Injection that allows authenticated users to taint database data and extract sensitive information via crafted HTTP requests.