20 matches found
CVE-2026-13532
A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit h...
PT-2026-36640
Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0 Description A remote SQL injection flaw exists in the file '/C6/JHSoft.Web.PlanSummarize/UserSel.aspx'. The issue is triggered by the manipulation of the DeptIDList argument within an unknown function of that file. SQL...
EUVD-2026-18338
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...
CVE-2026-4842 itsourcecode Online Enrollment System Parameter index.php sql injection
A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...
CVE-2025-15119 JeecgBoot list queryPageList improper authorization
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...
CVE-2025-15119
Summary: CVE-2025-15119 affects JeecgBoot up to 3.9.0. The vulnerability lies in the function queryPageList of the file /sys/sysDepartRole/list, where manipulating the department identifier (deptId) enables improper authorization. This can be exploited remotely with high exploit complexity; explo...
CVE-2025-10692
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
CVE-2025-10692
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
EUVD-2025-32372
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
CVE-2025-10692 OpenSupports 4.11.0 — SQL Injection
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
CVE-2025-10692
CVE-2025-10692 describes an SQL injection in OpenSupports 4.11.0 via POST /api/staff/get-new-tickets, where the user-supplied departmentId is concatenated into the SQL WHERE clause without parameter binding. An authenticated staff user (level ≥ 1) can alter filtering to access tickets outside the...
PT-2025-40597
Name of the Vulnerable Software and Affected Versions OpenSupports versions 4.11.0 Description The application’s API endpoint, /api/staff/get-new-tickets, directly incorporates the user-supplied parameter departmentId into a SQL query without proper sanitization. This allows an authenticated staf...
JeecgBoot 授权问题漏洞
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from incorrect manipulation of the parameter departId in file/api/getDepartUserList, which could...
Customer Support System 1.0 SQL Injection
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
CVE-2023-50070
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...
CVE-2023-50070
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...
Exploit for SQL Injection in Oretnom23 Customer_Support_System
CVE-2023-50070 Customer Support System 1.0 - Multiple SQL in...
Exploit for CVE-2022-27414
CVE-2022-27414 - SQL-Injection College Website CMS v1.0 - CVE-...
Online Leave Management System SQL注入漏洞
Online Leave Management System is an online leave management system. SQL injection vulnerability exists in Online Leave Management System v1.0, which originates in /leavesystem/classes/Master.php?f=delete department's id parameter lacks validation for external input SQL statements. An attacker...
SQL Injection Vulnerability in DeptId Parameter of Wave Software Administrative Services System
The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the DeptId parameter of the administrati...