3898 matches found
Kashipara Music Management System SQL Injection Vulnerability (CNVD-2024-37442)
Kashipara Music Management System is a music management system from Kashipara. A SQL injection vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of validation of the "id" parameter of /music/index.php?page=viewplaylist against external input SQL...
PT-2024-30158 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue in the "/music/view user.php" endpoint allows an attacker to execute arbitrary SQL commands via the id parameter of the View User Profile Page. This could...
The vulnerability of the netcat/message_fields.php file in the Netcat CMS system allows an intruder to gain unauthorized access to protected information.
The vulnerability of the netcat/messagefields.php file in the Netcat CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information from the...
The vulnerability of the Netcat module in CMS systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the messaging module in the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the protected information from the database...
PT-2024-91: Time-based SQL Injection in Netcat CMS
The vulnerability was identified in Netcat, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or higher Additional...
PT-2024-77: Time-based SQL Injection in Netcat CMS (module comments)
The vulnerability was identified in Netcat CMS module comments, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or...
PT-2024-7252 · Скуд Gate · Скуд Gate
Name of the Vulnerable Software and Affected Versions: СКУД Gate affected versions not specified Description: The issue is related to insufficient access control in the СКУД Gate software. Exploitation of this issue may allow a remote attacker to gain access to the software's database...
Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
Dell CloudLink Security Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A security vulnerability exists in Dell CloudLink versions prior to 8.1, which arises from improper checking or handling of abnormal conditions in cluster components, and can be exploited by an attacker with remote acces...
PT-2024-28258 · Horizon Business Services Inc. · Caterease
Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary...
MTN Group: SQL injection in URL path leads to Database Access
The application https://corporate.admyntec.co.za/ was found to have an SQL injection vulnerability in its URL paths. User IDs, organization numbers, and other sensitive information were stored in the backend database without proper sanitization, allowing an attacker to exploit the vulnerability a...
Security Bulletin: A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access (CVE-2024-32655)
Summary A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access. Npgsql is used by IBM Robotic Process Automation for database access. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
Establishment Billing Management System SQL Injection Vulnerability
Establishment Billing Management System is a billing management system by individual developer oretnom23. An SQL injection vulnerability exists in the Establishment Billing Management System version 1.0, which stems from an incorrect manipulation of the parameter id that can lead to SQL injection...
Simopro Technology WinMatrix3 SQL Injection Vulnerability (CNVD-2025-20311)
Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from a lack of proper validation of user...
CVE-2024-41915
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in...
PT-2024-37806
Name of the Vulnerable Software and Affected Versions Mikafon MA7 versions 3.0 through 3.0 Description The issue is related to an SQL Injection vulnerability, which is caused by the improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
Simopro Technology WinMatrix3 SQL Injection Vulnerability
Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from a lack of proper validation of user...
PT-2024-28984 · IBM · IBM InfoSphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. This is a...
CVE-2024-0006
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...