3898 matches found
CVE-2023-7099
CVE-2023-7099 affects PHPGurukul Nipah Virus Testing Management System 1.0. The issue is a SQL injection in the bwdates-report-result.php file caused by manipulating the fromdate parameter, with remote attack potential. Multiple connected sources corroborate the vulnerable component and root caus...
PT-2023-30851 · Unknown · Projectworld Online Voting System
Name of the Vulnerable Software and Affected Versions: Online Voting System Project version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The username parameter of the "login action.php" resource does not validate the characters received and they are...
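The two entries above (the fromdate report parameter in CVE-2023-7099 and the unauthenticated login injection in PT-2023-30851) share one root cause: request parameters spliced into SQL text. The script below is an added example written for this page, not code from either product; the table names, queries and payloads are constructed for illustration and assume nothing about the real applications' schemas. It puts the vulnerable concatenation beside the parameterized form and shows what each returns for the same payload, using SQLite as a stand-in engine.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for an application database (sample data
    only; not the real schema of any product listed on this page)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('admin', 's3cret'), ('alice', 'hunter2');
        CREATE TABLE tests (id INTEGER PRIMARY KEY, test_date TEXT);
        INSERT INTO tests (test_date) VALUES ('2023-11-01'), ('2023-11-15');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable pattern: the username reaches the SQL parser as SQL text."""
    sql = (f"SELECT id, username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Hardened: bound parameters are substituted after parsing, never re-parsed."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def report_vulnerable(conn, fromdate, todate):
    """Vulnerable date-range report: a UNION in fromdate reads any table."""
    sql = (f"SELECT id, test_date FROM tests WHERE test_date >= '{fromdate}' "
           f"AND test_date <= '{todate}' ORDER BY id")
    return conn.execute(sql).fetchall()


def report_safe(conn, fromdate, todate):
    """Hardened report: the same payload is just an odd string to compare against."""
    sql = ("SELECT id, test_date FROM tests WHERE test_date >= ? "
           "AND test_date <= ? ORDER BY id")
    return conn.execute(sql, (fromdate, todate)).fetchall()


# Constructed payloads: comment out the password check; append a UNION that
# pulls credentials into the report's two result columns.
LOGIN_PAYLOAD = "admin' --"
REPORT_PAYLOAD = "0' UNION SELECT username, password FROM users --"


def demo():
    conn = make_db()
    return {
        "vuln_login": login_vulnerable(conn, LOGIN_PAYLOAD, "wrong"),   # admin row, no password
        "safe_login": login_safe(conn, LOGIN_PAYLOAD, "wrong"),         # []
        "vuln_report": report_vulnerable(conn, REPORT_PAYLOAD, "2023-12-31"),  # creds leak
        "safe_report": report_safe(conn, REPORT_PAYLOAD, "2023-12-31"),        # plain rows
        "safe_report_ok": report_safe(conn, "2023-11-10", "2023-12-31"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Parameterization is the fix for both entries; the safe variants deliberately keep the same query shape so the only difference is how the value reaches the engine.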
PT-2023-22144 · Bestwebsoft · Contact Form To Db
Name of the Vulnerable Software and Affected Versions: Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress versions 1.7.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL comman...
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
CVE-2023-48395
Kaifa Technology WebITR is an online attendance system; it has insufficient validation for user input within a special function. A remote attacker with regular user privileges can exploit this vulnerability to inject arbitrary SQL commands to read database...
SQL injection
ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...
CVE-2023-48384
CVE-2023-48384 affects ArmorX Spam from ArmorX Global Technology Corporation. Affected component: input validation in a special function, enabling unauthenticated remote attackers to perform SQL injection to access, modify, and delete databases. CVSS v3.1 base score 9.8 (CRITICAL) with network at...
CVE-2023-48384 ArmorX Global Technology Corporation ArmorX Spam - SQL Injection
ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...
CVE-2023-48372
ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...
SQL injection
ITPison OMICARD EDM's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...
ITPison OMICARD EDM SQL Injection Vulnerability
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from ITPison, China. A SQL injection vulnerability exists in ITPison OMICARD EDM v6.0.1.5; it stems from insufficient validation of user input in SMS-related functions and can be exploited by a remote attacke...
CVE-2023-47261
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...
Design/Logic Flaw
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...
osCommerce 4 SQL Injection Vulnerability
Exploit Title: osCommerce 4 - SQL Injection Exploit Author: CraCkEr Date: 22/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/b2b-supermarket/ Tested on: Windows 11 Home Impact: Database...
postgresql: extension script @substitutions@ within quoting allow SQL injection
In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
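The mechanism behind the PostgreSQL entry is textual: the server replaces @extschema@ in the script with the (double-)quoted schema name before the script is parsed, so a marker that sits inside a single-quoted literal lets a schema name containing a single quote end that literal and start new statements. The script below is an added example written for this page, not PostgreSQL's own code; quote_identifier is a simplified mimic (keyword handling omitted), the extension script fragments and the malicious schema name are constructed, and SQLite stands in for PostgreSQL as the engine that runs the substituted text. It shows the injection end to end and a quoting-aware scanner of the kind a packager or reviewer can run over an extension script to find markers inside '...', "..." or $tag$...$tag$.

```python
import re
import sqlite3

# Substitution markers PostgreSQL expands in extension scripts.
SUBST_RE = re.compile(r"@(?:extowner|extschema|extschema:[A-Za-z_][A-Za-z0-9_]*)@")
# Opening dollar-quote tag: $$ or $tag$.
DOLLAR_RE = re.compile(r"\$(?:[A-Za-z_][A-Za-z0-9_]*)?\$")


def quote_identifier(name):
    """Simplified mimic of PostgreSQL's quote_identifier (assumption: keyword
    check omitted). Doubles embedded double quotes, never touches single quotes."""
    if re.fullmatch(r"[a-z_][a-z0-9_]*", name):
        return name
    return '"' + name.replace('"', '""') + '"'


def substitute(script, schema):
    """Textual expansion of @extschema@, as done before the script is parsed."""
    return script.replace("@extschema@", quote_identifier(schema))


def substitutions_inside_quoting(script):
    """Scan the unsubstituted script and return (marker, quote_kind) for every
    marker that sits inside a string literal, quoted identifier or dollar quote."""
    hits = []
    i, n = 0, len(script)
    while i < n:
        c = script[i]
        if script.startswith("--", i):                      # line comment
            j = script.find("\n", i)
            i = n if j < 0 else j + 1
            continue
        if script.startswith("/*", i):                      # block comment (non-nested)
            j = script.find("*/", i + 2)
            i = n if j < 0 else j + 2
            continue
        if c in ("'", '"'):                                  # '...' or "..."
            j = i + 1
            while j < n:
                if script[j] == c:
                    if script.startswith(c + c, j):         # doubled quote is an escape
                        j += 2
                        continue
                    break
                j += 1
            hits += [(m.group(0), c) for m in SUBST_RE.finditer(script, i, j)]
            i = j + 1
            continue
        m = DOLLAR_RE.match(script, i)                       # $tag$ ... $tag$
        if m:
            tag = m.group(0)
            j = script.find(tag, m.end())
            end = n if j < 0 else j
            hits += [(s.group(0), tag) for s in SUBST_RE.finditer(script, m.end(), end)]
            i = n if j < 0 else j + len(tag)
            continue
        i += 1
    return hits


# Constructed script fragments (not from any real extension).
VULN_SCRIPT = (
    "-- marker used as an identifier (fine) and inside a literal (not fine)\n"
    "CREATE TABLE audit(id int);\n"
    "INSERT INTO audit VALUES (1);\n"
    "CREATE VIEW audit_v AS SELECT '@extschema@' AS ext_schema, id FROM audit;\n"
)
SAFE_SCRIPT = (
    "CREATE TABLE @extschema@.audit(id int);\n"
    "COMMENT ON TABLE @extschema@.audit IS 'audit rows';\n"
)
MALICIOUS_SCHEMA = "x'; DROP TABLE victim; --"   # constructed schema name


def run_as_sqlite(script):
    """Run the substituted script in a scratch SQLite database that already holds
    a table named victim; return the table names that survive."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE victim(id int)")
    conn.executescript(script)
    return [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]


def demo():
    flagged = substitutions_inside_quoting(VULN_SCRIPT)
    tables_after = run_as_sqlite(substitute(VULN_SCRIPT, MALICIOUS_SCHEMA))
    return flagged, tables_after


if __name__ == "__main__":
    print(substitute(VULN_SCRIPT, MALICIOUS_SCHEMA))
    print(demo())
```

With the malicious schema the view line becomes SELECT '"x'; DROP TABLE victim; --"' ..., which the engine reads as two statements and a comment; the scanner flags the same line before any substitution happens, and reports nothing for SAFE_SCRIPT, where the marker only ever appears as a bare identifier.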
Information disclosure
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...
PT-2023-22122 · Unknown · Facschorus
Name of the Vulnerable Software and Affected Versions: FACSChorus affected versions not specified Description: The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, whi...
CVE-2023-40610 Apache Superset: Privilege escalation with default examples database
Improper authorization check and possible privilege escalation in Apache Superset versions up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...