PT-2024-39032 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: JobPortal affected versions not specified Description: The issue is related to a SQL injection vulnerability. An attacker could send a specially designed query through the user id parameter in the "/jobportal/admin/user/controller.php" endpoi...
Lansweeper Credential Collector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lansweeper Credential Collector', 'Description' = %q Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL databas...
WordPress plugin Propovoice Pro SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
SourceCodester E-Commerce Website SQL injection vulnerability
SourceCodester E-Commerce Website is a SourceCodester open source application. A PHP e-commerce website project for bookstores. A SQL injection vulnerability exists in SourceCodester E-Commerce Website version 1.0, which stems from the manipulation of the parameter fname in the file...
CVE-2024-7651
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-7780
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and la...
Hertzbeat security vulnerability
Hertzbeat is an open source real-time monitoring system. A SQL injection vulnerability exists in Hertzbeat versions prior to 1.6.0 that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands ...
PT-2024-38414 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.9.3 Description: The issue is related to time-based SQL Injection via the order parameter due to insufficient escaping on the user-supplied parameter and lack of sufficien...
PT-2024-38292 · Sourcecodester · Sourcecodester Tracking Monitoring Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Tracking Monitoring Management System version 1.0 Description: A critical issue was found in the system, affecting the /ajax.php?action=save establishment file. The manipulation of the id argument leads to SQL injection. The...
CVE-2024-39304 ChurchCRM SQL Injection Vulnerability
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQ...
The vulnerability of the templateadd.php file in the Tailoring Management System allows a malicious individual to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.
The vulnerability of the templateadd.php file in the Tailoring Management System relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, ...
PT-2024-37839 · AguardNet · AguardNet's Space Management System
Name of the Vulnerable Software and Affected Versions: AguardNet's Space Management System affected versions not specified Description: The issue allows unauthenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents due to improper...
CVE-2024-39027
SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked...
The vulnerability of the query_utask_verbose function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and power source management system allows a perpetrator to disclose protected information.
The vulnerability of the query_utask_verbose function in the MCUDBHelper component of the PowerPanel Enterprise monitoring and power management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to disclose sensitive...
WordPress plugin UsersWP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
The vulnerability of the ThinServer component of the Rockwell Automation ThinManager application management platform allows an attacker to execute arbitrary code.
The vulnerability of the ThinServer component of Rockwell Automation’s centralized application management platform, ThinManager, relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SQL query...
CVE-2024-6218
A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. Affected by this issue is some unknown functionality of the file busprofile.php. The manipulation of the argument busid leads to SQL injection. The attack may be launched remotely. The...
CVE-2024-5605
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mlatagcloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin Youzify security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
The vulnerability of the IT service management web component Ivanti Neurons for ITSM allows a malicious actor to read, modify, or delete arbitrary files and to cause service failures.
The vulnerability of the IT service management web component Ivanti Neurons for ITSM is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to remotely read, modify, or delete arbitrary files, as well as cause a service failure...