3898 matches found
SQL injection vulnerability in multiple ZOHO products
ZOHO ManageEngine Password Manager Pro and ZOHO ManageEngine Access Manager Plus are both products of ZOHO India. ZOHO ManageEngine Password Manager Pro is a password manager. ZOHO ManageEngine Access Manager Plus is a privileged session management solution for organizations to centralize, secure...
CVE-2022-35946 SQL injection through plugin controller in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...
Authentication flaw
Under certain conditions, an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve non-personal system data and modify system data, but cannot make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network ...
PT-2022-23277 · Unknown · Sazanrjb Inventorymanagementsystem
Name of the Vulnerable Software and Affected Versions: sazanrjb InventoryManagementSystem version 1.0 Description: A SQL injection issue in CustomerDAO.java allows attackers to execute arbitrary SQL commands via parameters such as searchTxt. This enables unauthorized access and manipulation of...
CVE-2022-39050
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...
PT-2022-8647 · Unknown +1 · Modsecurity +2
Name of the Vulnerable Software and Affected Versions: Modsecurity owasp-modsecurity-crs version 3.2.0 Description: The issue allows attackers to bypass Modsecurity WAF protection using comment characters and variable assignments in SQL syntax, enabling them to implement SQL injection attacks on...
CVE-2022-38118
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service...
Sql injection
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service...
Oaklouds SQL injection vulnerability
Hgiga Oaklouds is an enterprise collaborative work portal network of China Henderson Technology Hgiga Company. It is used for just-in-time communication and resource reservation. Oaklouds suffers from a SQL injection vulnerability that stems from insufficient validation of user input. A remote...
PT-2022-24212 · Unknown · Oaklouds Portal
Name of the Vulnerable Software and Affected Versions: OAKlouds Portal affected versions not specified Description: The issue is related to insufficient validation for user input in the Meeting Room of the OAKlouds Portal website. This allows a remote attacker with general user privileges to...
SQL INJECTION
Summary: The user can submit an SQL query directly to the database, gaining access without providing appropriate credentials. Attackers can then view, export, modify, and delete confidential information; change passwords and other authentication information; and possibly gain access to other syste...
Fiserv Prologue security vulnerability
Fiserv Prologue is a tool for streamlining financial accounting processes and accelerating the delivery of reliable, accessible information that improves performance. A security vulnerability exists in versions of Fiserv Prologue prior to 2020-12-16 that stems from not properly protecting databas...
Default credentials
Contract Management System v2.0 contains a weak default password which allows attackers to access database connection information...
PT-2022-22919 · Unknown · Sazanrjb Inventorymanagementsystem
Name of the Vulnerable Software and Affected Versions: sazanrjb InventoryManagementSystem version 1.0 Description: A SQL injection issue in CustomerDAO.java allows attackers to execute arbitrary SQL commands via the searchTxt parameter. This enables unauthorized access and manipulation of databas...
PT-2022-22922 · Unknown · Sazanrjb Inventorymanagementsystem
Name of the Vulnerable Software and Affected Versions: sazanrjb InventoryManagementSystem version 1.0 Description: A SQL injection issue allows attackers to execute arbitrary SQL commands via the parameter customerCode in CustomerDAO.java. This enables unauthorized access and manipulation of...
PT-2022-22628 · Unknown · Contract Management System
Name of the Vulnerable Software and Affected Versions: Contract Management System version 2.0 Description: The issue is related to a weak default password in the Contract Management System, which allows attackers to access database connection information. Recommendations: For Contract Management...
Inout RealEstate 2.1.2 SQL Injection Vulnerability
Author: CraCkEr. Website: inoutscripts.com. Vendor: Inout Scripts. Softwar...
PT-2022-23495 · Mingsoft · Mingsoft Mcms
Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS version 5.2.8 Description: A SQL injection issue was found in the /mdiy/model/delete URI via models Lists. This could potentially allow for unauthorized access to database information. Recommendations: For Mingsoft MCMS version...
Inout RealEstate 2.1.2 SQL Injection
Readymade Job Portal Script SQL Injection Vulnerability
Readymade Job Portal Script suffers from a remote SQL injection vulnerability. The researcher requested version information from the vendor while reporting the vulnerability but the company has been unresponsive.