69 matches found
EUVD-2026-29946
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...
EUVD-2026-29948
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...
CVE-2026-37429
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...
CVE-2026-37428
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...
CVE-2026-37429
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...
CVE-2026-37429
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...
PT-2026-40605
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...
CVE-2026-37429
The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...
CVE-2026-37428
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...
CVE-2026-37428
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...
CVE-2026-37428
The CVE-2026-37428 entry concerns qihang-wms with a SQL injection via the datascope parameter in SysDeptMapper.xml. The root cause is a vulnerable query construction in that mapper; impact per sources is potential exposure of sensitive data, including users’ PII. The connected documents confirm t...
qihang-wms SQL注入漏洞
Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. The Qihang-WMS version 75c15a has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysUserMapper.xml file...
CVE-2026-37428
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...
CVE-2026-37429
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...
PT-2026-40604
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...
qihang-wms SQL注入漏洞
Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. Qihang-WMS has a SQL injection vulnerability. This vulnerability stems from the SQL injection vulnerability present in the datascope parameter in the SysDeptMapper.xml file. It may allow...
EUVD-2023-28279
Malicious code in bioql PyPI...
EUVD-2023-28280
Malicious code in bioql PyPI...
EUVD-2023-28278
Malicious code in bioql PyPI...
CVE-2025-8162
A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument paramsdataScope leads to sql injection. The attack may be launched remotely. The...