CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
CVE-2024-6456
AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...
PT-2024-27801 · Unknown · Itsourcecode Billing System
Name of the Vulnerable Software and Affected Versions: Itsourcecode Billing System version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the username parameter in the "process.php" file. Recommendations: For Itsourcecode Billing System...
PT-2024-27800 · Unknown · Itsourcecode Online Discussion Forum Project In Php With Source Code
Name of the Vulnerable Software and Affected Versions: Itsourcecode Online Discussion Forum Project in PHP with Source Code version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the email parameter in the "login.php" file...
PT-2024-27776 · Unknown · Itsourcecode Learning Management System
Name of the Vulnerable Software and Affected Versions: Itsourcecode Learning Management System Project In PHP With Source Code version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the LessonID parameter in the processscore.php file...
ROS-20240322-02
Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
PT-2024-20275 · Unknown · Crmeb Java
Name of the Vulnerable Software and Affected Versions: crmeb java versions prior to 1.3.4 Description: The issue allows attackers to execute arbitrary SQL commands by sending a crafted GET request to the "api/front/spread/people" endpoint. This enables attackers to manipulate the database,...
PT-2024-20244 · Likeshop · Likeshop
Name of the Vulnerable Software and Affected Versions: Likeshop versions prior to 2.5.7 Description: The issue allows attackers to run arbitrary SQL commands via the function DistributionMemberLogic::getFansLists. This enables attackers to potentially extract or modify sensitive data...
PT-2023-29804 · Unknown · Code-Projects Blood Bank
Name of the Vulnerable Software and Affected Versions: Code-Projects Blood Bank version 1.0 Description: The issue allows attackers to execute arbitrary SQL commands. This is achieved by exploiting the bid parameter in the delete.php file. Recommendations: For Code-Projects Blood Bank version 1.0...
PT-2023-24932 · Unknown · Prestashop +1
Name of the Vulnerable Software and Affected Versions: Prestashop opartplannedpopup versions 1.4.11 and earlier Description: The issue allows remote attackers to run arbitrary SQL commands via the OpartPlannedPopupModuleFrontController::prepareHook method. This enables attackers to potentially...
PT-2023-23449 · Endonesia · Endonesia
Name of the Vulnerable Software and Affected Versions: eNdonesia version 8.7 Description: The issue allows an attacker to execute arbitrary SQL commands via the rid= parameter in the "diskusi.php" file. This enables the attacker to manipulate the database, potentially leading to unauthorized data...
Security Bulletin: Multiple Vulnerabilities affect InfoSphere Data Replication Dashboard (CVE-2013-2999, CVE-2013-3001, CVE-2013-3000)
Abstract The InfoSphere Data Replication Dashboard has been affected by multiple vulnerabilities. See description of CVE-2013-2999, CVE-2013-3001, and CVE-2013-3000 below. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-2999 DESCRIPTION: The Infosphere Data Replication Dashboard for mobile device...
ROS-20220524-04
The vulnerability in the Moodle course management system is due to a problem in the logic used to count failed login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the account lockout threshold. A...
HGiga MailSherlock SQL Injection Vulnerability
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can use this vulnerability to inject and execute SQL commands in the URL parameters of a specific cgi page...
CVE-2020-12606
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored...
CVE-2019-15984
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module --coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link:...
CIMTechniques CIMScan SQL Code Execution Vulnerability
CIMTechniques CIMScan is a critical infrastructure monitoring system from CIMTechniques, Inc. The system can be used to detect temperature, humidity and other variables in infrastructure environments. SOAP WSDL parser is one of the SOAP WSDL Web Services Description Language parsers. CIMTechniques...
Sql injection
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring...