3898 matches found
CVE-2024-29201
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
The vulnerability of the VMmanager 6 virtualization tool, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of VMmanager 6’s virtualization mechanism is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
SQL Injection Vulnerability in DSS of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IoT solution provider and operation service provider. A SQL injection vulnerability exists in the DSS of Zhejiang Dahua Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information fro...
JUX Real Estate 3.4.0 - SQL Injection
Exploit Title: JUX Real Estate 3.4.0 - SQL Injection Exploit Author: CraCkEr Date: 26/02/2025 Vendor: JoomlaUX Vendor Homepage: https://joomlaux.com/ Software Link: https://extensions.joomla.org/extension/jux-real-estate/ Demo Link: http://demo.joomlaux.com/jux-real-estate Tested on: Windows 11 P...
CVE-2025-2199
SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’,...
PT-2025-16821 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateOpcSettings method. This could allow an authenticated remote...
PT-2025-16817 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateSmtpSettings method. This could allow an authenticated remote...
PT-2025-16818 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateBufferingSettings method. This could allow an authenticated remote...
PT-2025-16814 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateUsers method. This could allow an authenticated remote attacker to...
CVE-2024-12245 Blind SQL Injection in Logout
Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or absence of entries in certain...
CVE-2024-54445 Blind SQLi in Login
Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or absence of entries in certain...
PT-2025-16811 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...
JUX Real Estate 3.4.0 SQL Injection
JUX Real Estate version 3.4.0 suffers from a remote SQL injection vulnerability. Exploit Title: JUX Real Estate 3.4.0 - SQL Injection Exploit Author: CraCkEr Date: 26/02/2025 Vendor: JoomlaUX Vendor Homepage: https://joomlaux.com/ Software Link:...
CVE-2024-13781
CVE-2024-13781 concerns the WordPress plugin Hero Maps Premium (Customizable Google Maps Plugin) up to version 2.3.9. The vulnerability is a SQL Injection caused by insufficient escaping of user-supplied parameters and insufficient preparation in existing queries, exploitable by authenticated att...
Esri ArcGIS Server SQL Injection Vulnerability (CNVD-2025-05054)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. Esri ArcGIS Server suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this...
WordPress plugin School Management System SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exis...
CVE-2024-12144 SQLi in Finder Fire Safety's Finder ERP/CRM (Old System)
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Finder Fire Safety Finder ERP/CRM Old System allows SQL Injection. This issue affects Finder ERP/CRM Old System: before 18.12.2024...
CVE-2025-25763
crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead in /system/SystemDatabackupServices.php...
Linux Distros Unpatched Vulnerability : CVE-2022-1949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can ...