CVE-2022-28533

Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/viewdetails.php...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. A SQL...

CVE-2022-28429

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=...

FormaLms SQL注入漏洞

formalms a learning management system. Used to build around the specific needs of corporate training. formalms versions prior to v.1.4.3 contain a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit this...

CVE-2022-25650

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...

CVE-2022-27127

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php...

isic.lk-RCE

Usage python exp.py http://localhost/isic !image-20...

Pagekit SQL注入漏洞

Pagekit is a modular, lightweight CMS content management system. pagekit has a SQL injection vulnerability, which can be exploited by attackers to execute illegal SQL commands to steal sensitive data from the database...

Microfinance Management System 1.0 SQL Injection Vulnerability

Microfinance Management System version suffers from multiple remote SQL injection vulnerabilities including one that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Hejap Zairy in March of 2022. Exploit Title: Microfinance Management System 1...

One Church Management System 1.0 SQL Injection Vulnerability

Exploit Title: One Church Management System 1.0 - attendancy.php search2 SQL Injection Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One Church...

TuziCMS SQL注入漏洞

TuziCMS Rabbit CMS is a PHP and MySQL-based enterprise content management system CMS. SQL injection vulnerability exists in TuziCMS version 2.0.6, which stems from the fact that AppManageControllerBannerController.class.php lacks validation for external input SQL statements. An attacker could use...

Microfinance Management System 1.0 SQL Injection

Exploit Title: Microfinance Management System 1.0 - Authentication Bypass SQL Injection Date: 23/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Version: 1.0 Tested on: Linux Title: ================ Microfinance Managemen...

CVE-2022-25223

Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/viewdetails' via the 'id' parameter...

Delta Electronics DIAEnergie SQL注入漏洞

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.Delta Electronics...

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28 plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

...

WordPress和WordPress plugin SQL注入漏洞

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...

Design/Logic Flaw

SAP NetWeaver AS ABAP Workplace Server - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system,...

CVE-2022-22540

CVE-2022-22540 affects SAP NetWeaver AS ABAP (Workplace Server) across multiple versions (700, 701, 702, 731, 740, 750–756, 787). The connected sources describe a SQL injection vulnerability that enables an attacker to execute crafted database queries and potentially disclose a table of contents ...

WordPress plugin SQL注入漏洞

WordPress is a set of blogging platform developed by the WordPress Foundation using the PHP language. WordPress Wicked Folders plugin in version 2.8.10 has a SQL injection vulnerability, which stems from the failure to filter and escape the oderid parameter, and can be used by attackers to execut...

Remote Code Execution (RCE)

shenyu is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization of database query language input to the system, allowing an attacker to inject maliciously crafted script via the query...