Delta Electronics DIAEnergie SQL注入漏洞

A SQL blind injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter egyid before using the value as part of a...

thinkphp-zcms SQL注入漏洞

thinkphp-zcms is open source based on thinkphp3.2 development of a cms system , more comprehensive features . thinkphp-zcms There is a SQL injection vulnerability , an attacker can use the vulnerability through index.php?m=home&c=message&a=add to execute arbitrary SQL commands...

CVE-2021-24550

The Broken Link Manager WordPress plugin through 0.6.5 does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue...

Vulnerabilities fixed in IBM Db2

IBM has fixed vulnerabilities in Db2. A malicious party could vulnerabilities potentially exploit them to cause a denial-of-service cause. To do this, a rogue database query on the database server to be executed. IBM has released updates to fix the vulnerabilities. For more information, see:...

CASAP Automated Enrollment SQL注入漏洞

CASAP Automated Enrollment is an automated enrollment system for the CASAP organization. The goal of this project is to provide CASAP with an automated enrollment system to streamline the school's processes and make them more effective, efficient and easily retrievable. SourceCodester Alumni...

Metinfo MetInfo SQL注入漏洞

Metinfo MetInfo is a content management system CMS developed by China Metinfo using PHP and Mysql. A SQL injection vulnerability exists in MetInfo, which originates from the product's admin/?n=language&c=languageweb&a=doAddLanguage does not securely validate user input data, and can be exploited ...

CVE-2020-4902

IBM Datacap Taskmaster Capture IBM Datacap Navigator 9.1.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...

PT-2021-10735 · Unknown · Phpgurukul Hospital Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System version 4.0 Description: The issue concerns a SQL injection vulnerability located in the hmsget doctor.php file. This vulnerability can be exploited by remote unauthenticated users to obtain sensitive...

The vulnerability of the site/index.php/admin/pages/update component of the BigTree CMS system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the site/index.php/admin/pages/update component of the BigTree CMS system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

WordPress 插件SQL注入漏洞

WordPress Plugin is an open source application plugin for WordPress. WP Statistics suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information about a database...

PT-2021-3413

Name of the Vulnerable Software and Affected Versions Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin versions prior to 5.153.4 Description The issue is related to the update log function in the lib/Cleantalk/ApbctWP/Firewall/SFW.php module, which does not properly protect the S...

Django SQL注入漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. An SQL injection vulnerability exists in Django Debug Toolbar, which can be exploited by an...

The vulnerability of the SearchController class implementation in the web application for managing phpMyAdmin database management systems allows a hacker to cause a service failure.

The vulnerability of the SearchController class implementation in the web application for managing phpMyAdmin database management systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to cause service...

The vulnerability of the fw.login.php component of the Artica Web Proxy management system allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the fw.login.php component of the Artica Web Proxy server management system is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

CVE-2020-7929

Removed by vendor...

Soar Cloud System SQL注入漏洞

Soar Cloud System is a HR system solution system developed by Soar. The Soar Cloud System HR portal suffers from a SQL injection vulnerability that stems from not filtering SQL injection statements, which allows a remote attacker to inject SQL syntax and obtain all data in the database without...

LibreNMS SQL注入漏洞

Librenms is an open source network monitoring system based on PHP and MySQL from the Librenms community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A SQL injection vulnerability exists in LibreNMS versions prior to 21.1.0, which...

PT-2021-9739 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.2 Combodo iTop versions prior to 3.0.0 Description: The issue concerns a web-based IT Service Management tool. When a download error occurs in the user portal, an SQL query is displayed to the user...

Sql injection

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker ca...

CVE-2020-26712

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker ca...