652 matches found
CVE-2024-12941
A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has...
CVE-2024-54926
A SQL Injection vulnerability was found in /searchclass.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the schoolyear parameter...
PT-2024-36442 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL injection issue was found in the /admin/edit content.php endpoint, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database...
PT-2024-36440 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A SQL Injection issue was found in the /admin/edit user.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized access to the database via the...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
PT-2024-34342 · Unknown · Elefant Firebird
Name of the Vulnerable Software and Affected Versions: Elefant Firebird database versions prior to 24.03.03 Description: An unauthenticated attacker with access to the local network of a medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database...
CVE-2024-48280
A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command via the fromdate parameter in a POST HTTP request...
PT-2024-33068 · Unknown · Phpgurukul User Registration & Login/User Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul User Registration & Login and User Management System version 3.2 Description: A SQL Injection issue was found in the /password-recovery.php file, allowing remote attackers to execute arbitrary SQL commands and gain unauthorized...
PT-2024-39974 · Code Projects · Code-Projects Pharmacy Management System
Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A critical issue has been discovered, affecting the file /php/manage customer.php. The manipulation of the text argument leads to SQL injection. This issue can be exploited...
PT-2024-39840 · Unknown · Lylme Spage
Name of the Vulnerable Software and Affected Versions: LyLme spage version 1.9.5 Description: A critical issue affects the processing of the file /admin/apply.php. The manipulation of the id argument leads to SQL injection. The attack can be initiated remotely. Recommendations: For LyLme spage...
PT-2024-39577 · Sourcecodester · Sourcecodester Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Advocate Office Management System version 1.0 Description: A critical issue affects the processing of the file /control/edit client.php, where the manipulation of the id argument leads to SQL injection. The attack can be...
CVE-2024-7499
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file flights.php. The manipulation of the argument departureairportid leads to SQL injection. The attack can be launched...
CVE-2024-7278
A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/teamsave.php. The manipulation of the argument team leads to SQL injection. It is possible to initiate the attack remotely. The exploit has be...
The vulnerability of the templateadd.php file in the Tailoring Management System allows a malicious individual to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.
The vulnerability of the templateadd.php file in the Tailoring Management System relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary SQL code, gain unauthorized access to read, modify, ...
CVE-2024-5134
A vulnerability was found in SourceCodester Electricity Consumption Monitoring Tool 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bill.php. The manipulation of the argument bill leads to SQL injection. The attack can be initiated...
CVE-2024-5107
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/studentpaymentdetails2.php. The manipulation of the argument index leads to SQL injection. The attack may be...
CVE-2024-4609
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...
CVE-2024-4609 Rockwell Automation Datalog Function within FactoryTalk® View SE contains SQL Injection Vulnerability
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...