PT-2023-22780 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the db name parameter value and the...

PT-2023-22784 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query connected databases. User input from the db name and tb name parameter values in the...

Archery SQL注入漏洞

Archery is an open source vulnerability assessment and management tool. Archery suffers from a SQL injection vulnerability that stems from the inclusion of multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...

The vulnerability in the /ecommerce/admin/settings/setDiscount.php script of the SourceCodester E-Commerce System allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the ecommerce/admin/settings/setDiscount.php file of the SourceCodester E-Commerce System is related to the lack of protection for SQL query structures. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...

WordPress Plugin HD FLV PLayer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2023-1940

A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file deleteuserquery.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The...

Dynamic Transaction Queuing System SQL注入漏洞

Dynamic Transaction Queuing System is a dynamic transaction queuing system using PHP/MySQL by Carlo Montero's personal developer. A security vulnerability exists in version v1.0 of the Dynamic Transaction Queuing System, which stems from an SQL injection issue in /admin/ajax.php?action=login...

WordPress plugin WCFM Marketplace SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

PT-2023-3266 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.50 through 9.5.12 GLPI versions 10.0.0 through 10.0.6 Description: The issue is related to a SQL Injection vulnerability that allows users with access rights to statistics or reports to extract all data from the database and, ...

Ivanti Avalanche SQL注入漏洞

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. Ivanti Avalanche version 6.3.2.3490 suffers from a SQL injection vulnerability that stems from a crafted request in...

Automatic Question Paper Generator System SQL注入漏洞

Automatic Question Paper Generator System is an automatic question paper generator system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in SourceCodester Automatic Question Paper Generator System version 1.0, which stems from a problem with the file...

CVE-2023-28662

The Gift Cards Gift Vouchers and Packages WordPress Plugin, version = 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgvdoajaxvoucherpdfsavefunc action...

CVE-2023-27570

The eotags package before 1.4.19 for PrestaShop allows SQL injection via a crafted ga cookie...

CVE-2023-27871

IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...

PT-2023-2219 · Sourcecodester · Sourcecodester E-Commerce System

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Commerce System version 1.0 Description: A critical issue has been found in the processing of the file /ecommerce/admin/settings/setDiscount.php, which is related to a lack of protection of the SQL query structure. This issue...

CVE-2023-1499

A vulnerability classified as critical was found in code-projects Simple Art Gallery 1.0. Affected by this vulnerability is an unknown functionality of the file adminHome.php. The manipulation of the argument reachcity leads to sql injection. The attack can be launched remotely. The exploit has...

RockOA 代码问题漏洞

RockOA Xinhuo is an open source office OA system . RockOA 2.3.2 version of the code problem vulnerability , the vulnerability stems from the file acloudCosAction.php.SQL function runAction has problems with the operation of the parameter fileid will lead to unrestricted uploads...

Canteen Management System SQL注入漏洞

Canteen Management System is a cafeteria management system by Mayuri K. Individual developer. A SQL injection vulnerability exists in SourceCodester Canteen Management System version 1.0, which stems from the presence of an unknown function in changeUsername.php that leads to SQL injection via th...

Simple Customer Relationship Management SQL注入漏洞

Simple Customer Relationship Management Simple CRM is a simple customer relationship management system by Carlo Montero Personal Developer. A security vulnerability exists in Simple Customer Relationship Management System v1.0, which originates from a SQL injection vulnerability in the address...

PT-2023-20196 · Sap · Sap Aba

Name of the Vulnerable Software and Affected Versions: SAP ABAP versions 751, 753, 754, 756, 757, 791 Description: The issue is caused by insufficient input sanitization, allowing an authenticated high privileged user to alter the current session of the user by injecting malicious database querie...