Lucene search
+L

4 matches found

euvd
euvd
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18338

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...

7.5CVSS5.7AI score0.00371EPSS
Exploits1References6
redhatcve
redhatcve
added 2025/10/06 3:17 p.m.12 views

CVE-2025-10692

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...

7.1CVSS7.4AI score0.0034EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/09/25 12:0 a.m.4 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from incorrect manipulation of the parameter departId in file/api/getDepartUserList, which could...

5.3CVSS4.1AI score0.00345EPSS
Exploits1References4
cnvd
cnvd
added 2015/09/15 12:0 a.m.3 views

SQL Injection Vulnerability in DeptId Parameter of Wave Software Administrative Services System

The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the DeptId parameter of the administrati...

7.7AI score
Exploits0References1
Rows per page
Query Builder