10 matches found
CVE-2023-54333
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the projectid parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entir...
CVE-2023-54333
The vulnerability CVE-2023-54333 affects Social-Share-Buttons 2.2.3 (WordPress plugin). The issue is a SQL injection in the project_id parameter that can be exploited via crafted POST requests to manipulate database queries and potentially exfiltrate data. Public sources describe impact as unauth...
CVE-2024-25526
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the projectid parameter at /ProjectManage/pmgattinc.aspx...
Baiyi Cloud Asset Management System Injection Vulnerability
Baiyi Cloud Asset Management System is a cloud asset management system from Baiyi Corporation. An injection vulnerability exists in Baiyi Cloud Asset Management System 20250204 and earlier versions, which stems from the parameter projectid in the file /wuser/admin.house.collect.php that can lead ...
CVE-2024-12195
The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'projectid' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 d...
CVE-2024-10423
A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/projectselection/projectselection.php of the component Project Selection Page. The manipulation of the argument projectid lead...
RuvarOA SQL Injection Vulnerability (CNVD-2024-33156)
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the projectid parameter in the /ProjectManage/pmgattinc.aspx file against externally entered SQL statements. An attacker can exploi...
CVE-2024-25526
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the projectid parameter at /ProjectManage/pmgattinc.aspx...
CVE-2024-25526
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the projectid parameter at /ProjectManage/pmgattinc.aspx...
CVE-2014-8554
SQL injection vulnerability in the mcprojectgetattachments function in api/soap/mcprojectapi.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the projectid parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609...