CVE-2024-8855
CVE-2024-8855 affects the WordPress Auction Plugin (
CVE-2024-41767 IBM Engineering Lifecycle Optimization - Publishing SQL injection
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
ABB Cylon Aspect 3.08.03 CookieDB SQL Injection Vulnerability
ABB Cylon Aspect version 3.08.03 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...
ABB Cylon Aspect 3.08.02 CookieDB SQL Injection Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...
PT-2024-17915 · Unknown · Codeastro Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: CodeAstro Online Food Ordering System version 1.0 Description: A critical issue has been identified in the CodeAstro Online Food Ordering System, affecting an unknown functionality of the file /admin/update users.php, specifically the Update...
CVE-2024-12558 WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with...
PT-2024-33801
Name of the Vulnerable Software and Affected Versions: Wapro ERP Desktop versions prior to 8.90.0 Description: The issue involves the use of a hard-coded password for a database administrator account created during Wapro ERP installation. This allows an attacker to retrieve embedded sensitive dat...
CVE-2024-55099
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter...
CVE-2024-28146
The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...
CVE-2024-28146
CVE-2024-28146 affects Image Access Scan2Net software. The issue arises from hard-coded credentials used to (1) encrypt configuration files during backups, (2) decrypt firmware during updates, and (3) passwords that allow a direct connection to the device’s database server. Public records from mu...
CVE-2024-28146 Hardcoded credentials
The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...
Image Access Scan2Net Security Vulnerability
Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from the application's use of multiple hard-coded credentials to encrypt configuration...
CVE-2024-55099
CVE-2024-55099 affects the phpgurukul Online Nurse Hiring System v1.0, where an SQL injection in the /admin/index.php endpoint via the username parameter allows remote attackers to execute arbitrary SQL and gain unauthorized database access. The vulnerability is caused by insufficient input valid...
PT-2024-22296 · Image Access Gmbh · Scan2Net
Name of the Vulnerable Software and Affected Versions: Application affected versions not specified Description: The issue concerns the application's use of several hard-coded credentials. These credentials are used for encrypting config files during backup and decrypting new firmware during...
CVE-2024-51165
SQL injection vulnerability in JEPAAS 7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...
CVE-2024-54923
A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...
CVE-2024-54931
A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54925
A SQL Injection was found in /removesentmessage.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...