450 matches found
CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
Command injection
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
SUSE CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
Online Food Ordering System SQL Injection Vulnerability (CNVD-2023-06521)
Online Food Ordering System is an online food ordering system. Online Food Ordering System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally entered SQL statement in the Username parameter of the component's login page, action = login, which...
Lead Management System SQL Injection Vulnerability (CNVD-2023-05741)
Lead management system is a lead management system developed by Mayuri K. A SQL injection vulnerability exists in Lead Management System v1.0, which stems from the lack of validation of external input SQL statements in the id parameter of removeBrand.php, and can be exploited by attackers to The...
Lead Management System SQL Injection Vulnerability (CNVD-2023-05745)
Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the id parameter of removeProduct.php, which could be used by attackers to...
IBM Sterling Partner Engagement Manager SQL注入漏洞
IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines IBM. IBM Sterling Partner Engagement Manager suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can...
Lead Management System SQL Injection Vulnerability
Lead management system is a lead management system developed by Mayuri K. The Lead Management System version 1.0 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the login.php parameter username, and can be exploited by attackers to The...
CVE-2022-43468
External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...
CVE-2022-2969
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname,...
CVE-2022-2969
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname,...
Billing System Project printOrder.php SQL Injection Vulnerability
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in printOrder.php against an externally entered SQL statement. An attacker cou...
Billing System Project fetchOrderData.php SQL Injection Vulnerability
Billing System Project is a billing system project by Mayuri K. Individual developer. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in fetchOrderData.php against an externally entered SQL statement. An attacker...
Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87035)
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the /asms/admin/services/manageservice.php?id= component...
Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87034)
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the /asms/admin/mechanics/viewmechanic.php?id= component...
Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87032)
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in its...
Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87262)
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that originates from /asms/admin/?page=user/manageuser&id=Lack of validation of externally entered...
Hospital Management Center SQL Injection Vulnerability
Hospital Management Center is a web system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. hospital Management Center is vulnerable to a SQL injection vulnerability that originates in an unknown function in the file patient-info.php Lack ...
Eolinker goku_lite SQL Injection Vulnerability
Eolinker, an API management solution from Eolinker China, is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the file /balance/service/list. An attacker could exploit the vulnerability by gaining access to database information...
Eolinker SQL注入漏洞
Eolinker is an API management solution from Eolinker, a China-based company. Eolinker is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in file/plugin/getList, and can be exploited by attackers to obtain database information...