ECshop Security Vulnerability
ShopeX ECShop is an open source online mall system from the Chinese company ShopeX. It supports PC, H5, app and mini-program storefronts, offers its source code as a free download, and is suitable for enterprises developing and building an online mall. ECShop has an SQL injection vulnerability; the vulnerability stems from...
Smart School 6.4.1 - SQL Injection Vulnerability
Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...
Smart School 6.4.1 - SQL Injection
Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Date: 28/09/2023 Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 -...
CVE-2024-29202 JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...
CVE-2024-29202
CVE-2024-29202 concerns JumpServer, an open source bastion host. Multiple connected sources confirm a Jinja2 template injection in JumpServer’s Ansible component that allows arbitrary code execution inside the Celery container. The Celery container reportedly runs with root privileges and has acc...
CVE-2024-29201 JumpServer's insecure Ansible playbook validation leads to RCE in Celery
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has databas...
PT-2024-23421 · Falang · Falang
Name of the Vulnerable Software and Affected Versions: Falang multilanguage versions 1.3.47 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injectin...
PT-2024-22804
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.10.7 Description: JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execut...
PT-2024-23428 · Unknown · Download Monitor
Name of the Vulnerable Software and Affected Versions: Download Monitor versions through 4.9.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicio...
PT-2024-23291
Name of the Vulnerable Software and Affected Versions: Andy Moyle Church Admin versions 4.0.27 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecti...
PT-2024-23284 · Unknown · Contest Gallery
Name of the Vulnerable Software and Affected Versions: Contest Gallery versions prior to 21.3.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized access or...
SeaCMS SQL Injection Vulnerability (CNVD-2024-26090)
SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A SQL injection vulnerability exists in SeaCMS version 12.9, which can be exploited by an attacker to view, add, modify, or delete information...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2025-06627)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2025-06626)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China, for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and...
Delta Electronics DIAEnergie DIAE_tagHandler.ashx Script SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. An SQL injection vulnerability exists in the Delta Electronics DIAEnergie DIAE_tagHandler.ashx script, which can be exploited by an attacker to view, add, modify, or delete information in...
PHP Task Management System Security Vulnerability
SourceCodester Task Management System is a task management system. A security vulnerability exists in PHP Task Management System version 1.0 that stems from vulnerability to SQL injection attacks via update-employee.php...
Abast SCAN_VISIO eDocument Suite Web Viewer Security Vulnerability
Abast SCAN_VISIO eDocument Suite Web Viewer is a document viewer from Abast. A security vulnerability exists in Abast SCAN_VISIO eDocument Suite Web Viewer, which originates from an SQL injection vulnerability in the user parameter of the landing page. An unauthenticated attacker could use this...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...