4 matches found
EUVD-2026-18338
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...
CVE-2025-10692
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
JeecgBoot 授权问题漏洞
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. An authorization issue vulnerability exists in JeecgBoot 3.8.2 and earlier versions, which stems from incorrect manipulation of the parameter departId in file/api/getDepartUserList, which could...
SQL Injection Vulnerability in DeptId Parameter of Wave Software Administrative Services System
The Administrative Service System ASS is a comprehensive administrative service system that integrates information and consultation, approval and charging, management and coordination, and complaints and supervision. A SQL injection vulnerability exists in the DeptId parameter of the administrati...