A vulnerability in the SolarWinds Platform network monitoring and IT infrastructure management software stems from missing protection of the SQL query structure, allowing an attacker to execute arbitrary SQL code.
A vulnerability in the SolarWinds Platform network monitoring and IT infrastructure management software is related to the absence of measures protecting the SQL query structure. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary SQL code...
CVE-2024-5329
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to blind SQL Injection via the ‘dataaddonID’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
Campcodes Complete Web-Based School Management System security vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the id...
A vulnerability in the Ivanti EPM 2022 SU5 endpoint management software stems from a failure to neutralize special elements used in operating system commands. This allows an attacker to execute arbitrary code.
A vulnerability in the Ivanti EPM 2022 SU5 endpoint management software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially...
A vulnerability in the built-in server of the medical image and data management system Sante PACS Server PG allows an attacker to execute arbitrary code.
The vulnerability in the embedded DICOM server of the medical image and data management system Sante PACS Server PG is related to the lack of measures taken to protect the SQL query structure when processing the NAME parameter of a patient record. Exploiting this vulnerability allows an attacker ...
CVE-2024-35475
A Cross-Site Request Forgery CSRF vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
Santesoft Sante PACS Server security vulnerability
Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A security vulnerability exists in Santesoft San...
CVE-2024-4287
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...
CVE-2024-4287 Improper Input Validation in mintplex-labs/anything-llm
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to /api/workspace/:workspace-slug/update, allowing it to be executed as part of ...
CVE-2024-4287
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update flow. The flaw occurs when JSON data sent via HTTP POST to /api/workspace/:workspace-slug/update is not properly validated/formatted, allowing the payload to be executed as part of a dat...
Event Registration System SQL injection vulnerability
Event Registration System is a QR code based event registration system by Carlo Montero, an individual developer. An SQL injection vulnerability exists in Event Registration System version 1.0, which originates from an unknown function in Portal.php that causes SQL injection via the...
PT-2024-34538 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /view/teacher profile.php. The manipulation of the index argument leads to...
Multiple vulnerabilities in Field Logic DataCube
Overview DataCube provided by Field Logic Inc. contains multiple vulnerabilities listed below. Direct Request 'Forced Browsing' CWE-425 - CVE-2024-25830 Reflected cross-site scripting CWE-79 - CVE-2024-25831 Unrestricted upload of file with dangerous type CWE-434 - CVE-2024-25832 SQL injection...
PT-2024-5502 · Umi Cms · Umi Cms
Name of the Vulnerable Software and Affected Versions: UMI CMS affected versions not specified Description: The issue is related to the lack of protection against SQL query structure exploitation in UMI CMS, a multi-site content management system. This could allow a remote attacker to execute...
RuvarOA security vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the officemissiveid parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...
RuvarOA security vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wfworkprint.aspx file against externally entered SQL statements. An attacker can exploit this...
CVE-2024-33164
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authUserList function...
PT-2024-25133 · J2Eefast · J2Eefast
Name of the Vulnerable Software and Affected Versions: J2EEFAST version 2.7.0 Description: The issue is related to a SQL injection vulnerability. It occurs via the sql filter parameter in the myProcessList function. Recommendations: For J2EEFAST version 2.7.0, consider restricting access to the...
Campcodes Complete Web-Based School Management System security vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which originates from an SQL injection vulnerability in the myindex...