SUSE CVE-2023-46490

SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in the managers.php function...

PT-2023-32105 · WordPress · Vertical Marquee Plugin

Name of the Vulnerable Software and Affected Versions: Vertical marquee plugin for WordPress versions up to, and including, 7.1 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the plugin's...

CVE-2023-44480

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database...

CVE-2023-43794 SQL Injection in nocodb

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the RequestHandlers.js LoginAuth function in the software for router configuration by MilesightVPN allows a hacker to bypass the authentication process.

The vulnerability of the RequestHandlers.js LoginAuth function in the MilesightVPN software’s router configuration relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...

PT-2023-27750 · Qsige · Qsige

Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified Description: The QSige statistics are affected by a remote SQL injection vulnerability. The web application does not correctly filter input parameters, allowing SQL injections, Denial of Service DoS, or...

DedeBIZ SQL Injection Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A SQL injection vulnerability exists in DedeBIZ version 6.2, which stems from the fact that incorrect manipulation of the parameter ids can lead to sql injection...

CVE-2023-44047

Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection...

PT-2023-30110 · Unknown · Saphira Connect

Name of the Vulnerable Software and Affected Versions: Saphira Connect versions prior to 9 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

PT-2023-31400 · Infinitietech · Infinitietech Taskhub

Name of the Vulnerable Software and Affected Versions: infinitietech taskhub version 2.8.7 Description: A critical issue has been found in the GET Parameter Handler component, specifically affecting the /home/get tasks list file. The manipulation of the project/status/user id/sort/search argument...

PT-2023-27712 · Unknown · Schoolmate

Name of the Vulnerable Software and Affected Versions: Schoolmate version 1.3 Description: The issue concerns SQL Injection in the schoolname variable from the Database, located at header.php. This allows for potential exploitation. Recommendations: For Schoolmate version 1.3, consider restrictin...

SUSE CVE-2023-39361

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

PT-2023-4916 · Unknown · Super Store Finder

Name of the Vulnerable Software and Affected Versions: Super Store Finder version 3.6 Description: The issue is related to a lack of protection against SQL query structure exploitation, which can allow a remote attacker to gain access to the administration panel. The store locator component is...

ARDEREG Sistemas SCADA SQL Injection Vulnerability

ARDEREG Sistemas SCADA is a Supervisory Control and Data Acquisition SCADA system from ARDEREG, Inc. ARDEREG Sistemas SCADA suffers from a SQL injection vulnerability that originates from the login page being susceptible to SQL injection attacks...

CVE-2023-4556

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqliquery of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...

PT-2023-29575 · Sourcecodester · Sourcecodester Online Graduate Tracer System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Graduate Tracer System version 1.0 Description: A critical issue was found, affecting the mysqli query function of the file sexit.php. The manipulation of the id argument leads to SQL injection. The attack can be launche...

Aruba Networks EdgeConnect SD-WAN Orchestrator SQL注入漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from an SQL injection vulnerability in the web-based management interface...

CVE-2023-39939

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M MySQL version and LuxCal Web Calendar prior to 5.2.3L SQLite version allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it...

CVE-2022-48601

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...