18 matches found
EUVD-2022-53494
Malicious code in bioql PyPI...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx...
CVE-2022-32301
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a lack of validation of the idlist parameter of the /WorkFlow/wf_work_print.aspx file against externally entered SQL statements. An attacker can exploit this...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx...
CVE-2024-25519
CVE-2024-25519 affects RuvarOA v6.01 and v12.01, with a SQL injection vulnerability via the idlist parameter in /WorkFlow/wf_work_print.aspx. The root cause is lack of validation of externally entered SQL statements against the idlist parameter, enabling potentially dangerous SQL execution and da...
CVE-2024-25519
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx...
PT-2024-20980 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the idlist parameter at the "/WorkFlow/wf_work_print.aspx" API endpoint. This allows for potential exploitation. Recommendations: For versions 6.01...
Reflected XSS via "idlist" parameter
Description: The value of the idlist parameter is reflected in the web context without proper filtering, making it possible to execute malicious JavaScript code. Testing Environment: 1. Windows OS 2. Firefox Browser. Proof of Concept: 1. Visit...
YouDianCMS SQL Injection Vulnerability (CNVD-2022-59019)
YouDianCMS is a website CMS. A SQL injection vulnerability exists in YouDianCMS v9.5.0, which originates from the lack of validation of the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php against external SQL input. This vulnerability can be exploited to execute illegal SQL commands ...
CVE-2022-32301
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
CVE-2022-32301
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
CVE-2022-32301
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
SQL injection
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
CVE-2022-32301
CVE-2022-32301 affects YoudianCMS v9.5.0. A SQL injection exists via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php due to insufficient input validation. The vulnerability is described across multiple sources (CNVD/CNNVD, NVD, Red Hat/CVE pages) as allowing potentially illegal S...
CVE-2022-32301
YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php...
PT-2022-21218 · Unknown · Youdiancms
Name of the Vulnerable Software and Affected Versions: YoudianCMS version 9.5.0 Description: A SQL injection issue was discovered via the IdList parameter at the "/App/Lib/Action/Home/ApiAction.class.php" endpoint. This allows for potential exploitation. No information is provided about the...