1369 matches found

Positive Technologies
added 2023/06/20 12:0 a.m. · 4 views

PT-2023-11557 · Unknown · Joyplus-Cms

Name of the Vulnerable Software and Affected Versions: Joyplus-cms version 1.6.0 Description: A SQL injection issue allows a remote attacker to access sensitive information via the id parameter of the goodbad function. This enables unauthorized access to sensitive data. Recommendations: For...

CVSS 7.5 · AI score 7.9 · EPSS 0.00561
Exploits: 0 · References: 4

OSV
added 2023/06/19 11:15 a.m. · 10 views

CVE-2023-2221

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin...

CVSS 7.2 · AI score 5.8 · EPSS 0.00945
Exploits: 2 · References: 2

CNNVD
added 2023/06/19 12:0 a.m. · 4 views

JeecgBoot SQL injection vulnerability

JeecgBoot is a Chinese Java low-code platform for enterprise web applications. A security vulnerability exists in JeecgBoot 3.5.1 and earlier versions, which stems from a SQL injection vulnerability in the component queryFilterTableDictInfo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00692
Exploits: 1 · References: 2

CNNVD
added 2023/06/18 12:0 a.m. · 3 views

Agro-School Management System SQL injection vulnerability

Agro-School Management System is an agricultural school management system. A SQL injection vulnerability exists in Agro-School Management System version 1.0, which stems from a problem with the file loaddata.php, where manipulation of the subject/course parameter can result in SQL injection...

CVSS 8.8 · AI score 7.1 · EPSS 0.00728
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/18 12:0 a.m. · 4 views

PT-2023-24185 · Code Projects · Agro-School Management System

Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue has been found in the Agro-School Management System, affecting some unknown functionality of the file loaddata.php. The manipulation of the subject/course...

CVSS 8.8 · AI score 7.2 · EPSS 0.00728
Exploits: 1 · References: 5

OSV
added 2023/05/30 8:15 a.m. · 2 views

CVE-2023-2111

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...

CVSS 4.9 · AI score 6.7 · EPSS 0.00752
Exploits: 2 · References: 1

Positive Technologies
added 2023/05/30 12:0 a.m. · 3 views

PT-2023-17903 · WordPress · Fast & Effective Popups & Lead-Generation

Name of the Vulnerable Software and Affected Versions: Fast & Effective Popups & Lead-Generation for WordPress plugin versions prior to 2.1.4 Description: The issue concerns the concatenation of user input into an SQL query without proper escaping in the plugin's report API endpoint. This could...

CVSS 4.9 · AI score 9.5 · EPSS 0.00752
Exploits: 2 · References: 4

CNNVD
added 2023/05/28 12:0 a.m. · 3 views

WordPress plugin Portfolio Gallery SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 9.8 · AI score 7.2 · EPSS 0.00707
Exploits: 0 · References: 4

OSV
added 2023/05/15 1:15 p.m. · 3 views

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

CVSS 9.8 · AI score 7.4 · EPSS 0.04234
Exploits: 2 · References: 1

Positive Technologies
added 2023/05/15 12:0 a.m. · 5 views

PT-2023-23484 · Sourcecodester · Sourcecodester Faculty Evaluation System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Faculty Evaluation System version 1.0 Description: The issue is related to SQL Injection, which can be exploited via the "/eval/admin/view faculty.php?id=" endpoint. This allows for potential manipulation of database queries...

CVSS 7.2 · AI score 7.3 · EPSS 0.00756
Exploits: 1 · References: 5

CNNVD
added 2023/05/11 12:0 a.m. · 1 views

Medical System Medisys Weblab Products SQL injection vulnerability

Medical System Medisys Weblab Products is a client module for Medical System's LIS. It is a tool that allows laboratory clients to log in their own samples and subsequently view the results. A security vulnerability exists in Medical System Medisys Weblab Products version v19.4.03 that stems from...

CVSS 9.8 · AI score 8.6 · EPSS 0.01
Exploits: 0 · References: 4

Positive Technologies
added 2023/04/27 12:0 a.m. · 2 views

PT-2023-23003

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 10.5.21 Description The issue is related to a SQL injection vulnerability in the admin search find API. This vulnerability allows an attacker to interfere with the queries that the application makes to its database,...

CVSS 8.8 · AI score 7.6 · EPSS 0.0073
Exploits: 0 · References: 11

NVD
added 2023/04/19 12:15 a.m. · 35 views

CVE-2023-30554

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sqlapi/apiworkflow.py endpoint ExecuteCheck which passes unfiltered...

CVSS 6.5 · AI score 6.9 · EPSS 0.00835
Exploits: 1 · References: 1

Vulnrichment
added 2023/04/18 10:35 p.m. · 8 views

CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/data_dictionary.py table_list endpoint is passed to the methods that follow in...

CVSS 6.5 · AI score 6.9 · EPSS 0.00835
Exploits: 1 · References: 1

Vulnrichment
added 2023/04/18 10:35 p.m. · 5 views

CVE-2023-30557 SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the data_dictionary.py table_info. User input coming from the dbname in a...

CVSS 6.5 · AI score 6.8 · EPSS 0.00844
Exploits: 1 · References: 2

Vulnrichment
added 2023/04/18 10:35 p.m. · 7 views

CVE-2023-30552 SQL injection in sql/instance.py endpoint in Archery - GHSL-2022-101

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql/instance.py endpoint's describe method. In several cases, user...

CVSS 6.5 · AI score 6.8 · EPSS 0.00835
Exploits: 1 · References: 1

Cvelist
added 2023/04/18 10:35 p.m. · 42 views

CVE-2023-30552 SQL injection in sql/instance.py endpoint in Archery - GHSL-2022-101

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql/instance.py endpoint's describe method. In several cases, user...

CVSS 6.5 · AI score 7 · EPSS 0.00835
Exploits: 1 · References: 1

CNNVD
added 2023/04/18 12:0 a.m. · 3 views

Archery SQL injection vulnerability

Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...

CVSS 6.5 · AI score 6.7 · EPSS 0.00844
Exploits: 1 · References: 4

CNNVD
added 2023/04/18 12:0 a.m. · 4 views

Archery SQL injection vulnerability

Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...

CVSS 6.5 · AI score 6.7 · EPSS 0.00844
Exploits: 1 · References: 4

CNNVD
added 2023/04/18 12:0 a.m. · 3 views

Archery SQL injection vulnerability

Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...

CVSS 6.5 · AI score 6.7 · EPSS 0.00835
Exploits: 1 · References: 3