3898 matches found
Daily Expense Tracker System SQL Injection Vulnerability (CNVD-2025-31001)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. The Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the email parameter of the file /forgot-password.php. An...
ABB Multiple Products Code Injection Vulnerability
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
PT-2025-22516 · Unknown · Nexus Series +2
Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03; NEXUS Series versions through 3.08.03; MATRIX Series versions through 3.08.03. Description: SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if...
CVE-2000-1235
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files...
CVE-2025-3751 TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability
The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information...
CVE-2024-56429
itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key found in iLabClient.jar for local users to read or write to the database...
PT-2025-22354
Name of the Vulnerable Software and Affected Versions: itech iLabClient version 3.7.1. Description: The issue concerns the use of a hard-coded key YngAYdgAE/kKZYu2F2wm6w== found in iLabClient.jar that allows local users to read or write to the database. This key is used by itech iLabClient for...
PT-2025-22416 · Tibco Software · Tibco Activematrix Businessworks
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue allows an attacker to perform a SQL Injection attack, potentially leading to unauthorized access to the database and exposure of sensitive information. Recommendations: At the...
CVE-2024-56429
The CVE-2024-56429 entry impacts itech iLabClient 3.7.1, where a hard-coded encryption/DB-access key YngAYdgAE/kKZYu2F2wm6w== in iLabClient.jar enables local users to read or write to the database. Root cause is the hard-coded key used for database access; no public exploit details are provided i...
CVE-2025-40635 SQL injection at Comerzzia
SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...
SQL Injection Vulnerability in UFIDA NC65 of UFIDA Network Technology Co.
UFIDA NC65 is a group-level ERP system for medium and large enterprises. A SQL injection vulnerability exists in UFIDA NC65, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2025-26086
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or...
PT-2025-22103 · Mojoomla · Mojoomla Hospital Management System
Name of the Vulnerable Software and Affected Versions: mojoomla Hospital Management System versions n/a through 47.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2025-21985 · Unknown · Automatorwp
Name of the Vulnerable Software and Affected Versions: AutomatorWP versions through 5.2.1.3 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can be...
PT-2025-21692 · WordPress · Lambertgroup Radio Player Shoutcast & Icecast Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin versions through 4.4.6 Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command. This...
PT-2025-21687 · Lambertgroup · Lambertgroup Sticky Html5 Music Player
Name of the Vulnerable Software and Affected Versions: LambertGroup Sticky HTML5 Music Player versions 3.1.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...