470 matches found

Vulnrichment
added 2024/09/07 9:0 a.m. | 13 views

CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...

CVSS 5.8 | AI score 8 | EPSS 0.00919
Exploits: 1 | References: 4

Redos
added 2024/08/28 12:0 a.m. | 26 views

ROS-20240827-09

A vulnerability in GLPI's computer hardware requisition, incident, and inventory system is related to external file name or path control. Exploitation of the vulnerability could allow an attacker acting remotely to upload a malicious PHP script and hijack the plugin loader to execute that...

CVSS 8.8 | AI score 7.5 | EPSS 0.13049
Exploits: 1

NVD
added 2024/08/15 9:15 p.m. | 14 views

CVE-2024-6456

AVEVA Historian Server has a vulnerability that, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5 | EPSS 0.00274
Exploits: 0 | References: 1

CVE
added 2024/08/15 8:10 p.m. | 41 views

CVE-2024-6456

CVE-2024-6456 describes a SQL Injection vulnerability in AVEVA Historian Server. Public sources in the connected documents indicate that an attacker could exploit the issue by enticing a user to open a specially crafted URL via the interactive Historian REST Interface, allowing the execution of S...

CVSS 8.5 | AI score 7.4 | EPSS 0.00274
Exploits: 0 | References: 1

GithubExploit
added 2024/07/26 9:24 a.m. | 397 views

Exploit for CVE-2024-44349

PoC-CVE-2024-44349 Vulnerability found and tested in Anteeo...

CVSS 9.8 | AI score 7.4 | EPSS 0.76195
Exploits: 1

Positive Technologies
added 2024/07/09 12:0 a.m. | 1 views

PT-2024-27801 · Unknown · Itsourcecode Billing System

Name of the Vulnerable Software and Affected Versions: Itsourcecode Billing System version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the username parameter in the "process.php" file. Recommendations: For Itsourcecode Billing System...

CVSS 8.1 | AI score 7.8 | EPSS 0.0008
Exploits: 1 | References: 5

Positive Technologies
added 2024/07/09 12:0 a.m. | 1 views

PT-2024-27800 · Unknown · Itsourcecode Online Discussion Forum Project In Php With Source Code

Name of the Vulnerable Software and Affected Versions: Itsourcecode Online Discussion Forum Project in PHP with Source Code version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the email parameter in the "login.php" file...

CVSS 8.2 | AI score 8.1 | EPSS 0.00095
Exploits: 1 | References: 5

OSV
added 2024/06/20 9:30 a.m. | 19 views

GHSA-HCR7-CQWC-Q5GQ Apache Superset server arbitrary file read

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the...

CVSS 6.8 | AI score 6.1 | EPSS 0.12622
Exploits: 1 | References: 4

Github Security Blog
added 2024/06/20 9:30 a.m. | 34 views

Apache Superset server arbitrary file read

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the...

CVSS 6.8 | AI score 6.1 | EPSS 0.12622
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/06/20 9:15 a.m. | 18 views

CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the...

CVSS 6.8 | EPSS 0.12622
Exploits: 1 | References: 2

Cvelist
added 2024/06/20 8:51 a.m. | 29 views

CVE-2024-34693 Apache Superset: Server arbitrary file read

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the...

CVSS 6.8 | EPSS 0.12622
Exploits: 1 | References: 2

CVE
added 2024/06/20 8:51 a.m. | 75 views

CVE-2024-34693

CVE-2024-34693 is an Apache Superset vulnerability described across multiple sources as an Improper Input Validation issue. An authenticated attacker can create a MariaDB connection with local_infile enabled, and if both the MariaDB server and the local MySQL client on the web server permit local...

CVSS 6.8 | AI score 6.1 | EPSS 0.12622
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2024/06/17 12:0 a.m. | 1 views

PT-2024-27776 · Unknown · Itsourcecode Learning Management System

Name of the Vulnerable Software and Affected Versions: Itsourcecode Learning Management System Project In PHP With Source Code version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the LessonID parameter in the processscore.php file...

CVSS 8.8 | AI score 8.1 | EPSS 0.00502
Exploits: 1 | References: 3

CVE
added 2024/06/08 3:57 p.m. | 50 views

CVE-2024-35678

CVE-2024-35678 is an authenticated SQL injection in the WordPress plugin Contact Form to DB by BestWebSoft — Messages Database Plugin for WordPress, affecting

CVSS 8.8 | AI score 8.8 | EPSS 0.00402
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/06/08 12:37 p.m. | 39 views

CVE-2024-35750

CVE-2024-35750 describes an SQL Injection in the wpdevart Responsive Image Gallery, Gallery Album plugin (vulnerable

CVSS 8.8 | AI score 8.9 | EPSS 0.00402
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/06/06 7:16 p.m. | 11 views

CVE-2024-5225

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

CVSS 7.2 | EPSS 0.00243
Exploits: 1 | References: 1

Vulnrichment
added 2024/06/06 6:19 p.m. | 13 views

CVE-2024-5225 SQL Injection in berriai/litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

CVSS 6.4 | AI score 7.9 | EPSS 0.00243
Exploits: 1 | References: 1

Cvelist
added 2024/06/06 6:19 p.m. | 12 views

CVE-2024-5225 SQL Injection in berriai/litellm

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the /global/spend/logs endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidat...

CVSS 6.4 | EPSS 0.00243
Exploits: 1 | References: 1

Cvelist
added 2024/05/23 4:22 p.m. | 9 views

CVE-2024-34927

A SQL injection vulnerability in /model/updateclassroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter...

AI score 8.1 | EPSS 0.00122
Exploits: 1 | References: 1

Positive Technologies
added 2024/05/20 12:0 a.m. | 1 views

PT-2024-26265 · Likeshop · Likeshop

Name of the Vulnerable Software and Affected Versions: Likeshop versions prior to 2.5.7 Description: The issue allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, which can be exploited at the "/admin/order/lists.html" endpoint. Recommendations: For versions...

CVSS 8.2 | AI score 7.3 | EPSS 0.00179
Exploits: 1 | References: 8