PMB SQL Injection Vulnerability

PMB is a 100% free document management reference tool from the PMB Services team. A SQL injection vulnerability exists in PMB version v.7.4.7, which originates from a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code via thesaurus parameter in...

DEBIAN-CVE-2024-23833

OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...

The vulnerability of the WP Sessions Time Monitoring plugin in the fully automatic WordPress content management system allows attackers to expose protected information.

The vulnerability of the WP Sessions Time Monitoring full-automatic content management system’s plugin is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

CVE-2024-1207

The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendarrequestparamsdatesddmmyycsv' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

Novel-Plus SQL Injection Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from a SQL injection vulnerability in the path /system/dataPerm/list...

jshERP SQL Injection Vulnerability

jshERP Huaxia ERP is a homegrown ERP system developed by a Chinese individual developer, Ji Sheng Hua. A SQL injection vulnerability exists in jshERP v3.3, which is caused by insufficient filtering of the "column" and "order" parameters...

Novel-Plus SQL Injection Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. An SQL injection vulnerability exists in Novel-Plus version 4.3.0-RC1, which stems from the fact that incorrect manipulation of the parameter sort can lead to sql injection...

CVE-2024-0883

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely...

CVE-2024-0705

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2023-5041

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...

Design/Logic Flaw

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...

PT-2024-13531 · WordPress · Newsletters

Name of the Vulnerable Software and Affected Versions: The Newsletters WordPress plugin versions prior to 4.9.3 Description: The issue arises from the plugin's failure to properly escape user-controlled parameters when they are appended to SQL queries and shell commands. This could enable an...

PT-2024-15604 · Code Projects · Code-Projects Fighting Cock Information System

Name of the Vulnerable Software and Affected Versions: code-projects Fighting Cock Information System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the ref argument leads to...

CVE-2024-0460

A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

The vulnerability of the Documents module in the ABO.CMS system allows a perpetrator to execute arbitrary code.

The vulnerability of the Documents module in the ABO.CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

PT-2024-1493 · Nexo-Os · Nexo-Os

Name of the Vulnerable Software and Affected Versions: NEXO-OS affected versions not specified Description: The issue allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. This is related to a lack of protection for the SQL query...

PT-2024-14467 · Unknown · Ptypeconverter

Name of the Vulnerable Software and Affected Versions: pTypeConverter versions 0.2.8.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting...

PT-2024-15409 · Unknown · Codeastro Online Food Ordering System

Name of the Vulnerable Software and Affected Versions: CodeAstro Online Food Ordering System version 1.0 Description: A critical vulnerability was found in the Admin Panel component of the CodeAstro Online Food Ordering System. The manipulation of the Username argument leads to SQL injection. The...

CVE-2023-50862

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-49624

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the materialbill.php resource does not validate the characters received and they are sent unfiltered to the database...