WordPress Plugin GEO my WordPress SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin GEO my...

PT-2023-32847 · Byzoro +1 · Byzoro S210 +1

Name of the Vulnerable Software and Affected Versions: Byzoro S210 up to 20231210 Beijing Baichuo S210 up to 20231210 Description: A critical issue has been discovered, affecting an unknown function of the file /importexport.php. The manipulation of the sql argument leads to injection. This issue...

CVE-2023-48050

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py...

CVE-2023-49363

Rockoa 2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php...

CVE-2023-6035

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks...

Packers and Movers Management System Security Vulnerability

Packers and Movers Management System is a Packers and Movers Management System by Carlo Montero Individual Developer. A security vulnerability exists in Packers and Movers Management System version v.1.0, which stems from the presence of a SQL injection vulnerability. The vulnerability can be...

VulnCheck KEV: CVE-2023-1454

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

CVE-2023-5047

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DRD Fleet Leasing DRDrive allows SQL Injection. This issue affects DRDrive: before 20231006...

The vulnerability of the DELETE_STR script (General/system/censor_words/module/delete.php) in the Tongda OA automation tool allows a hacker to execute arbitrary SQL queries.

The vulnerability of the delete.php script General/system/censorwords/module/delete.php, a tool for automating business processes in Tongda OA, is related to the failure to protect the SQL query structure during the processing of the DELETESTR parameter. Exploiting this vulnerability allows an...

Cross site request forgery (csrf)

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...

CVE-2023-48293

The CVE refers to XWiki Admin Tools Application (pre-4.5.1) where a CSRF flaw in the Query on XWiki tool allows executing arbitrary database queries. This can modify or delete wiki data and potentially create an attacker account with elevated privileges, impacting confidentiality, integrity, and ...

WordPress Plugin WP Hotel Booking Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2023-47308

In the module "Newsletter Popup PRO with Voucher/Coupon code" newsletterpop before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription has sensitive SQL calls...

CVE-2023-46601

A vulnerability has been identified in COMOS All versions. The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to...

Siemens Comos 安全漏洞

COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. An access control error vulnerability exists in Siemens COMOS, which could be exploited...

Online Matrimonial Project SQL Injection Vulnerability

Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...

Online Matrimonial Project SQL Injection Vulnerability

Online Matrimonial Project is an online matrimonial program. A SQL injection vulnerability exists in Online Matrimonial Project v1.0 where certain parameters are not validated or escaped before they are used in a stitched SQL statement...

PT-2023-30214 · Unknown · Online Matrimonial Project

Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the id parameter of the "partner preference.php" resource does not validate the characters received and they a...

PT-2023-21245 · WordPress · Wp Reroute Email

Name of the Vulnerable Software and Affected Versions: WP Reroute Email versions 1.4.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...

CVE-2023-5918

A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manageuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of thi...