
64 matches found

Nuclei
added 18 hours ago, 35 views

Dolibarr Unauthenticated Contacts Database Theft

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. id: CVE-2023-33568 info: name: Dolibarr Unauthenticated Contacts Database Theft...

CVSS 7.5, AI score 7.1, EPSS 0.8984
Exploits: 2, References: 5
CNNVD
added 2025/09/17 12:00 a.m., 2 views

PHPGurukul Online Discussion Forum Security Vulnerability

Online Discussion Forum is an online forum. Online Discussion Forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/editmember.php. An attacker can exploit this vulnerability to...

CVSS 9.8, AI score 8.2, EPSS 0.00062
Exploits: 1, References: 5
CNVD
added 2025/08/29 12:00 a.m., 1 view

Apartment Management System addvisitor.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /visitor/addvisitor.php. An attacker can exploit this...

CVSS 9.8, AI score 7.9, EPSS 0.0009
Exploits: 1, References: 1
CNNVD
added 2025/07/13 12:00 a.m., 2 views

Code-Projects Job Diary Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from an error in the parameter jobid in the file /view-details.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...

CVSS 9.8, AI score 8.1, EPSS 0.00277
Exploits: 1, References: 6
CNNVD
added 2025/07/12 12:00 a.m., 1 view

PHPGurukul Vehicle Parking Management System Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter email in the file /users/signup.php that lacks validation of externally entered SQL statements. An attacker can...

CVSS 9.8, AI score 8.2, EPSS 0.00277
Exploits: 1, References: 6
CNNVD
added 2025/07/12 12:00 a.m., 1 view

PHPGurukul Vehicle Parking Management System Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter email in the file /users/forgot-password.php that lacks validation of externally entered SQL statements. An...

CVSS 9.8, AI score 8.1, EPSS 0.00291
Exploits: 1, References: 7
CNNVD
added 2025/07/12 12:00 a.m., 1 view

PHPGurukul Vehicle Parking Management System Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter del in the file /admin/reg-users.php that lacks validation of externally entered SQL statements. An attacker can...

CVSS 8.8, AI score 8.1, EPSS 0.00268
Exploits: 1, References: 6
CNNVD
added 2025/07/12 12:00 a.m., 1 view

PHPGurukul Vehicle Parking Management System Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter viewid in the file /users/view--detail.php that lacks validation of externally entered SQL statements. An attack...

CVSS 8.8, AI score 8.1, EPSS 0.00268
Exploits: 1, References: 6
RedhatCVE
added 2025/02/05 10:53 p.m., 7 views

CVE-2022-1768

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the /rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive...

CVSS 9.8, AI score 6.9, EPSS 0.86134
Exploits: 3, References: 1
CNVD
added 2024/12/20 12:00 a.m., 1 view

Online Class and Exam Scheduling System term.php File SQL Injection Vulnerability

Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter id of the file /pages/term.php. ...

CVSS 8.8, AI score 8.3, EPSS 0.00247
Exploits: 1, References: 1
CNVD
added 2024/10/31 12:00 a.m., 8 views

ZZCMS SQL Injection Vulnerability (CNVD-2024-43213)

ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in ZZCMS version 2023, which originates from the lack of validation of the parameter phome in file 3/Ebak5.1/upload/phome.php for external SQL statements, which can be exploited by an attacke...

CVSS 9.8, AI score 8, EPSS 0.00097
Exploits: 0, References: 1
CNVD
added 2023/10/30 12:00 a.m., 12 views

Simple Real Estate Portal System SQL Injection Vulnerability (CNVD-2023-98207)

Simple Real Estate Portal System is a real estate portal system. A SQL injection vulnerability exists in Simple Real Estate Portal System v1.0, which originates from the parameter id of the file viewestate.php that lacks validation of externally entered SQL statements. An attacker can exploit thi...

CVSS 9.8, AI score 7.9, EPSS 0.00053
Exploits: 1, References: 1
Packet Storm
added 2023/09/12 12:00 a.m., 300 views

Equipment Rental Script 1.0 SQL Injection

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...

AI score 7.1
Exploits: 0
Packet Storm
added 2023/09/11 12:00 a.m., 258 views

Shuttle Booking Software 1.0 SQL Injection

Title: Shuttle-Booking-Software-1.0 Multiple-SQLi Author: nu11secur1ty Date: 09/10/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/shuttle-booking-software/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The locationid...

AI score 7.1
Exploits: 0
CNVD
added 2023/08/12 12:00 a.m., 14 views

ChurchCRM friendmonths parameter SQL Injection Vulnerability

ChurchCRM is an open source CRM system for churches. ChurchCRM version v5.0.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the friendmonths parameter in QueryView.php. An attacker can exploit this vulnerability to execute...

CVSS 7.5, AI score 8.3, EPSS 0.00084
Exploits: 0, References: 1
CNNVD
added 2023/08/11 12:00 a.m., 1 view

School Faculty Scheduling System SQL Injection Vulnerability

School Faculty Scheduling System is a school faculty scheduling system. A SQL injection vulnerability exists in School Faculty Scheduling System v1.0, which stems from a lack of validation of externally entered SQL statements in the parameter id of manageuser.php. An attacker can exploit this...

CVSS 9.8, AI score 8.2, EPSS 0.01462
Exploits: 1, References: 4
Packet Storm
added 2023/06/19 12:00 a.m., 339 views

elearning-SES 1.0 Sql Injection

Title: elearning-SES by: oretnom23 v1.0 Multiple-SQLi Author: nu11secur1ty Date: 06.14.2023 Vendor: https://github.com/oretnom23 Software: https://github.com/oretnom23/php-elearning-system Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter appears to...

AI score 7.1
Exploits: 0
CNVD
added 2023/04/21 12:00 a.m., 4 views

PrestaShop SQL Injection Vulnerability (CNVD-2023-32194)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A SQL injection vulnerability exists in PrestaShop versions 1.4.0 to 1.8.2, which ste...

CVSS 9.8, AI score 7.9, EPSS 0.00732
Exploits: 0, References: 1
CNVD
added 2023/04/11 12:00 a.m., 16 views

Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29389)

Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to a SQL injection vulnerability that originates in the file /classes/Master.php?f=savesubcategory with the parameter subcategory...

AI score 9.3, EPSS 0.00346
Exploits: 1, Affected Software: 1
CNVD
added 2023/04/11 12:00 a.m., 19 views

Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29390)

Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

AI score 9.7, EPSS 0.00297
Exploits: 1, Affected Software: 1