CVE-2022-36276
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...
Sage 200c Security Vulnerability
Sage 200c is a full-featured mid-market ERP software for all businesses from Sage UK. A security vulnerability exists in Sage 200c version 2023.38.001, which stems from the presence of plaintext credentials in the application, and can be exploited by a remote attacker to potentially extract SQL...
PT-2023-29008 · Jizhicms · Jizhicms
Name of the Vulnerable Software and Affected Versions: Jizhicms version 2.4.9 Description: The issue is related to a SQL injection vulnerability in the backend, allowing users to obtain database information. Recommendations: For Jizhicms version 2.4.9, at the moment, there is no information about...
Online Book Store Project SQL Injection Vulnerability
Projectworlds Online Book Store Project in PHP is a PHP-based online bookstore system from the Austrian company Projectworlds. A SQL injection vulnerability exists in Online Book Store Project v1.0, which originates from characters that are not validated as received and are sent to the database...
PT-2023-29138 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: process registration.php affected versions not specified Description: The issue concerns the 'phone' parameter of the process registration.php resource, which does not validate the characters received. As a result, these characters are sent...
WS_FTP Server SQL Injection Vulnerability
Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, USA. A SQL injection vulnerability exists in WS_FTP Server versions prior to 8.7.4, 8.8.2. An attacker exploiting this vulnerability is able to infer information about the structure and content ...
The vulnerability in the software web interface for processing and transmitting confidential data of Progress MOVEit Transfer lies in the lack of validation for XML objects’ sequences, allowing an intruder to gain unauthorized access to the MOVEit Transfer database.
The vulnerability of the software web interface for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of verification of the validity of XML objects. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access...
PT-2023-28894 · Unknown · Taxonworks
Name of the Vulnerable Software and Affected Versions: TaxonWorks versions prior to 0.34.0 Description: A SQL injection issue was found in TaxonWorks, allowing authenticated attackers to extract arbitrary data from the database, including the users table, which may lead to information disclosure...
CVE-2023-42660
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit...
CVE-2023-42660 MOVEit Transfer Machine Interface SQL Injection
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit...
PT-2023-20231 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: A SQL Injection issue has been found due to improper input validation in certain parameters used in the Query functionality. Authenticated users may be able to...
PT-2023-22220 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: A SQL Injection issue, due to improper input validation in certain fields used in the Asset Intelligence functionality of the IDS, may allow an unauthenticated...
Taskhub 2.8.7 SQL Injection Vulnerability
Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, relates to the ability to disclose information through a server error message, allowing an intruder to gain unauthorized access to the database.
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, involves the disclosure of information through server error messages. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to the database...
Academy LMS 6.2 SQL Injection Vulnerability
Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 / CWE-707 Greeting...
Academy LMS 6.2 SQL Injection
Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 /...
PT-2023-30164
Name of the Vulnerable Software and Affected Versions: Innosa Probbys versions prior to 2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For version...
CVE-2023-4832
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. This issue affects Company Management: before 3072...
Siemens QMS Automotive Information Disclosure Vulnerability (CNVD-2023-71222)
Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. Siemens QMS Automotive has an information disclosure vulnerability that can be exploited by an attacker to gain direct access to the database...
CVE-2023-40717
A use of hard-coded credentials vulnerability (CWE-798) in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...