ROS-20250505-04
The vulnerability in the Zabbix universal monitoring system is related to insufficient sanitization of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...
CVE-2025-3707 Sunnet eHRD CTMS - SQL Injection
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read database contents...
CVE-2025-3707
The CVE-2025-3707 entry concerns Sunnet’s eHDR CTMS which is affected by a SQL Injection vulnerability in the CTMS component. The issue allows remote attackers with regular privileges to inject arbitrary SQL commands and read database contents, with the confidentiality impact rated High (CVSS 3.1...
PT-2025-18747 · Le Yan · Le-Show Medical Practice Management System
Name of the Vulnerable Software and Affected Versions: Le-show medical practice management system (affected versions not specified). Description: The Le-show medical practice management system from Le-yan has a SQL Injection vulnerability. This allows unauthenticated remote attackers to inject...
CVE-2025-45018
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter...
CVE-2025-2890
CVE-2025-2890 affects the WordPress plugin “tagDiv Opt-In Builder” (TagDiv Opt-In Builder) and is exploitable via a time-based SQL Injection in the subscriptionCouponId parameter. All versions up to and including 1.7 are affected due to insufficient escaping and improper preparation of the SQL qu...
PHPGurukul Pre-School Enrollment System Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally supplied SQL statements in the Status parameter of the file /admin/visitor-details.php. An...
CVE-2025-40618 SQL injection vulnerability in Bookgy
SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2024-12706 SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...
CVE-2025-46580 ZTE GoldenDB Database product has a code-related vulnerability
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL...
CVE-2025-30032
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-30002
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to rea...
CVE-2025-32827
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ActivateProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-32863
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-32854
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockOpcSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-32872
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2025-32836
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetConnectionVariables' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-32832
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProjectUserRights' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fr...
CVE-2025-32849
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...
CVE-2025-32834
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateConnectionVariablesWithImport' method. This could allow an authenticated remote attacker to bypass authorization...