6 matches found
CVE-2026-1432
SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APPCODE=STACODE=TABLON'. Exploiting this...
CVE-2026-1432 SQL injection (SQLi) on the Buroweb platform
SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APPCODE=STA&PAGECODE=TABLON'. Exploiting this...
EUVD-2026-5293
SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APPCODE=STA&PAGECODE=TABLON'. Exploiting this...
CVE-2026-1432 SQL injection (SQLi) on the Buroweb platform
SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APPCODE=STA&PAGECODE=TABLON'. Exploiting this...
PT-2026-6044
Name of the Vulnerable Software and Affected Versions Buroweb version 2505.0.12 Description A SQL injection issue exists in the Buroweb platform, specifically within the 'tablon' component. The problem stems from inadequate sanitization of user-supplied input in multiple parameters. This flaw is...
PT-2024-12821 · Dzzoffice · Dzzoffice
Name of the Vulnerable Software and Affected Versions: Dzzoffice version 2.01 Description: The issue allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. This is a SQL Injection vulnerability. Recommendations: For Dzzoffi...