Lucene search
K

20 matches found

attackerkb
attackerkb
added 2026/06/29 3:45 a.m.8 views

CVE-2026-13532

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /departmentDoctor.php. This manipulation of the argument deptid causes sql injection. It is possible to initiate the attack remotely. The exploit h...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References6Affected Software1
ptsecurity
ptsecurity
added 2026/05/02 12:0 a.m.17 views

PT-2026-36640

Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0 Description A remote SQL injection flaw exists in the file '/C6/JHSoft.Web.PlanSummarize/UserSel.aspx'. The issue is triggered by the manipulation of the DeptIDList argument within an unknown function of that file. SQL...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References6
euvd
euvd
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18338

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

7.5CVSS5.7AI score0.00371EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2026/03/26 4:50 a.m.2 views

CVE-2026-4842 itsourcecode Online Enrollment System Parameter index.php sql injection

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
osv
osv
added 2025/12/28 3:32 a.m.5 views

CVE-2025-15119 JeecgBoot list queryPageList improper authorization

A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...

2.3CVSS5.3AI score0.00237EPSS
Exploits1References6
cve
cve
added 2025/12/28 3:32 a.m.18 views

CVE-2025-15119

Summary: CVE-2025-15119 affects JeecgBoot up to 3.9.0. The vulnerability lies in the function queryPageList of the file /sys/sysDepartRole/list, where manipulating the department identifier (deptId) enables improper authorization. This can be exploited remotely with high exploit complexity; explo...

3.1CVSS6.3AI score0.00237EPSS
Exploits1References4Affected Software1
redhatcve
redhatcve
added 2025/10/06 3:17 p.m.12 views

CVE-2025-10692

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS7.4AI score0.0034EPSS
Exploits0References1
nvd
nvd
added 2025/10/03 9:15 p.m.4 views

CVE-2025-10692

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS0.0034EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:30 p.m.4 views

EUVD-2025-32372

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS6.8AI score0.0034EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/10/03 8:30 p.m.3 views

CVE-2025-10692 OpenSupports 4.11.0 — SQL Injection

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS7AI score0.0034EPSS
Exploits0References2
cve
cve
added 2025/10/03 8:30 p.m.18 views

CVE-2025-10692

CVE-2025-10692 describes an SQL injection in OpenSupports 4.11.0 via POST /api/staff/get-new-tickets, where the user-supplied departmentId is concatenated into the SQL WHERE clause without parameter binding. An authenticated staff user (level ≥ 1) can alter filtering to access tickets outside the...

7.1CVSS7AI score0.0034EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/10/03 12:0 a.m.5 views

PT-2025-40597

Name of the Vulnerable Software and Affected Versions OpenSupports versions 4.11.0 Description The application’s API endpoint, /api/staff/get-new-tickets, directly incorporates the user-supplied parameter departmentId into a SQL query without proper sanitization. This allows an authenticated staf...

7.1CVSS7.4AI score0.0034EPSS
Exploits0References7
cnnvd
cnnvd
added 2025/09/25 12:0 a.m.4 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from incorrect manipulation of the parameter departId in file/api/getDepartUserList, which could...

5.3CVSS4.1AI score0.00345EPSS
Exploits1References4
packetstorm
packetstorm
added 2024/03/06 12:0 a.m.460 views

Customer Support System 1.0 SQL Injection

Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

8.8CVSS7.4AI score0.13754EPSS
Exploits6
osv
osv
added 2023/12/29 10:15 p.m.4 views

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...

8.8CVSS5.8AI score0.00786EPSS
Exploits2References2
attackerkb
attackerkb
added 2023/12/29 10:15 p.m.4 views

CVE-2023-50070

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customersupport/ajax.php?action=saveticket via departmentid, customerid, and subject...

8.8CVSS7.4AI score0.00786EPSS
Exploits2References4
githubexploit
githubexploit
added 2023/12/15 8:37 p.m.61 views

Exploit for SQL Injection in Oretnom23 Customer_Support_System

CVE-2023-50070 Customer Support System 1.0 - Multiple SQL in...

8.8CVSS9.8AI score0.00786EPSS
Exploits2
githubexploit
githubexploit
added 2022/10/19 10:17 p.m.8 views

Exploit for CVE-2022-27414

CVE-2022-27414 - SQL-Injection College Website CMS v1.0 - CVE-...

8.2AI score
Exploits1
cnnvd
cnnvd
added 2022/10/06 12:0 a.m.5 views

Online Leave Management System SQL注入漏洞

Online Leave Management System is an online leave management system. SQL injection vulnerability exists in Online Leave Management System v1.0, which originates in /leavesystem/classes/Master.php?f=delete department's id parameter lacks validation for external input SQL statements. An attacker...

7.2CVSS8.2AI score0.00837EPSS
Exploits1References2
cnvd
cnvd
added 2015/09/15 12:0 a.m.3 views

SQL Injection Vulnerability in DeptId Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the DeptId parameter of the administrati...

7.7AI score
Exploits0References1
Rows per page
Query Builder