PT-2024-36440 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/edit user.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database via the...
CVE-2024-54920
A SQL Injection vulnerability was found in /teachersignup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and classid parameters...
Kashipara E-learning Management System Security Vulnerability
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to gain unauthorized access to the database by executing arbitrary SQL commands via the...
CVE-2024-54924
CVE-2024-54924 describes a SQL injection in Kashipara E-learning Management System v1.0, exploitable via the /admin/edit_content.php endpoint (title and content parameters) allowing remote attackers to execute arbitrary SQL and obtain unauthorized database access. The issue is documented across m...
CVE-2024-54931
CVE-2024-54931 relates to a SQL injection in Kashipara E-learning Management System v1.0, exposed via the /admin/delete_event.php endpoint. The vulnerability stems from unsanitized input to the id parameter, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized databas...
CVE-2024-54925
A SQL Injection was found in /removesentmessage.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54922
CVE-2024-54922 affects Kashipara E-learning Management System v1.0. A SQL Injection vulnerability exists in the web endpoint/workflow involving the file /admin/edit_user.php, impacting input parameters firstname, lastname, and username. The flaw allows remote attackers to execute arbitrary SQL...
CVE-2024-11730
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter of the staticdatalist AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient...
PT-2024-36070 · phpMyFAQ · phpMyFAQ
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 4.0.0 Description: The issue exposes database server credentials when a connection to the database fails. This can occur when the database instance or server is unreachable, resulting in an error that reveals the...
JetBrains YouTrack 2024.3.51866 Multiple Vulnerabilities (2024_3_51866)
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.51866. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024_3_51866 advisory. - In JetBrains YouTrack before 2024.3.51866, unauthenticated database backup download was possible via a...
The vulnerability of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus lies in the lack of protection for SQL query structures, allowing attackers to execute custom queries and gain access to database table records.
The vulnerability of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute custom queries and gain access to database table...
The vulnerability of the audit settings of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute custom requests and gain access to the database table records.
The vulnerability of the audit settings of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute custom queries and gai...
SQL Injection Vulnerability in NC of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
PT-2024-38656 · Special Minds Design · E-Commerce
Name of the Vulnerable Software and Affected Versions: Special Minds Design and Software e-Commerce versions prior to 22.11.2024 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
PT-2024-35203 · IBM · IBM Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.2.1 Description: The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. This...
PT-2024-34546 · JEPaaS · JEPaaS
Name of the Vulnerable Software and Affected Versions: JEPaaS version 7.2.8 Description: The issue is related to SQL injection vulnerability in multiple parameters via the "/je/login/btnLog/insertBtnLog" API endpoint. This could allow a remote user to submit a specially crafted query, enabling an...
SQL Injection Vulnerability in BlueLine EKP of Shenzhen BlueLine Software Co.
BlueLine EKP is a fully online digital OA for large and medium-sized enterprises. A SQL injection vulnerability exists in BlueLine EKP, which can be exploited by attackers to obtain sensitive information from the database...
Grand Vice info Webopac SQL Injection Vulnerability
Grand Vice info Webopac is an online public access catalog from China Xinxueying Info Grand Vice info. It is used for users to access library services over the Internet. Grand Vice info Webopac suffers from a SQL injection vulnerability that originates from allowing an unauthenticated, remote...
PT-2024-35013 · Unknown · Gboy Custom Google Map
Name of the Vulnerable Software and Affected Versions: Gboy Custom Google Map versions n/a through 1.2 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, whic...