3898 matches found
WordPress plugin Welcart e-Commerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-45537
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide...
PT-2024-30869 · Unknown · Wpcargo Track & Trace
Name of the Vulnerable Software and Affected Versions: WPCargo Track & Trace versions 7.0.0 through 7.0.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to manipulate the database...
PT-2024-30831 · Unknown · Spiffy Calendar
Name of the Vulnerable Software and Affected Versions: Spiffy Calendar versions through 4.9.12 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
SQL Injection Vulnerability in UFIDA U8CRM of UFIDA Network Technology Co. Ltd (CNVD-2024-41602)
UFIDA U8CRM is a professional enterprise-level CRM software designed to help companies efficiently manage customer relationships, improve sales performance and provide quality customer service. A SQL injection vulnerability exists in UFIDA U8CRM, which can be exploited by attackers to obtain...
CVE-2024-27113
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability...
CVE-2024-27112
An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02...
SOPlanning Security Vulnerability
SOPlanning is a suite of online project management software from SOPlanning. A security vulnerability exists in SOPlanning. An attacker exploiting the vulnerability could access the underlying database...
CVE-2024-6796 Vulnerability in Baxter Connex Health Portal
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...
PT-2024-37869 · Connex · Connex
Name of the Vulnerable Software and Affected Versions: Connex health portal versions prior to 8/30/2024 Description: The issue concerns SQL injection vulnerabilities that could allow an unauthenticated attacker to gain unauthorized access to the Connex portal's database. An attacker could submit ...
Baxter Connex Health Portal Security Vulnerability
The Baxter Connex Health Portal is a web portal for medical instruments from Baxter USA. A security vulnerability exists in the Baxter Connex Health Portal that stems from the inclusion of an improper access control vulnerability that could allow an unauthenticated attacker to gain unauthorized...
CVE-2024-45174
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...
PT-2024-38064 · Semtek · Sempos
Name of the Vulnerable Software and Affected Versions: Semtek Sempos versions through 31072024 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows unauthorized database access...
CVE-2024-29729
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url...
CVE-2024-29726
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/setAsRead/, parameter id...
CVE-2024-29728
SportsNET (version 4.0.1) contains SQL injection vulnerabilities affecting its API endpoint /app/ax/inscribeUsuario/ with parameter idDesafio. Multiple connected sources describe that an attacker could retrieve, update, or delete all data by sending specially crafted SQL queries. Root cause and e...
PT-2024-22967 · Sportsnet · Sportsnet
Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1 Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query to the API endpoint:...
SportsNET SQL Injection Vulnerability
SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...