872 matches found
CVE-2022-45889
Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter)...
Automotive Shop Management System SQL Injection Vulnerability (CNVD-2022-87034)
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the /asms/admin/mechanics/viewmechanic.php?id= component...
EyesOfNetwork SQL Injection Vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution from the EyesOfNetwork community. The solution provides features such as a business process configuration tool, generating pop-up windows when events occur in the active queue, and more. EyesOfNetwork EON 5.3.11 and prior versions...
Centreon SQL Injection Vulnerability (CNVD-2022-66770)
Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. A SQL injection vulnerability exists in Centreon v20.10.18, which stems from the escname Escalation Name parameter of its Configuration/Notifications/Escalations component lack of...
Online Pet Shop We App Master.php?f=delete_order SQL Injection Vulnerability
Online Pet Shop We App is an online pet store web application by the individual developer Carlo Montero. A SQL injection vulnerability exists in Online Pet Shop We App version 1.0, which originates from a lack of validation of externally entered SQL statements in the...
Security bulletin: Multiple vulnerabilities in IBM's Netezza WebAdmin 6.0.5, 6.0.8 and 7.0 (CVE-2012-5760, CVE-2012-5761, CVE-2012-5762, CVE-2012-5763, CVE-2012-5940, CVE-2012-5941)
Abstract: Multiple vulnerabilities have been identified in the IBM Netezza WebAdmin application. Content: VULNERABILITY DETAILS: CVE ID: CVE-2012-5760. DESCRIPTION: Elements that could modify a SQL command are not neutralized correctly. The attack will not produce any visible outcome/output in the...
GHSA-P74Q-2PF8-J5JX exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
SQL injection vulnerability in the Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows remote authenticated attackers to execute arbitrary SQL commands...
Simple E-Learning System SQL Injection Vulnerability (CNVD-2023-11438)
Simple E-Learning System is a simple e-learning system from the individual developer Carlo Montero. Simple E-Learning System is vulnerable to SQL injection, which stems from missing validation of externally entered SQL statements in the postid parameter of the file commentframe.php. An...
CVE-2022-32964
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service...
Pharmacy Management System login.php SQL Injection Vulnerability
Pharmacy Management System MPMS is a multilingual pharmacy management system from the individual developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from the email and password parameters in login.php lacking validation of externally entered SQL...
Pharmacy Management System getOrderReport.php SQL Injection Vulnerability
Pharmacy Management System MPMS is a multilingual pharmacy management system from the individual developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from the startDate parameter in getOrderReport.php lacking validation for extern...
SQL injection
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PgJDBC implementation of the java.sql.ResultRow.refreshRow method does not escape column names, so a malicious column name that contain...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77046)
Product Show Room Site is a product showroom website from the individual developer Carlo Montero. Product Show Room Site v1.0 is vulnerable to SQL injection, which originates from a SQL injection in /psrs/classes/Master.php?f=deleteproduct. The vulnerability is caused by SQL injection of the id...
The vulnerability of the ManagedIT.asmx component of the ConnectWise ManagedITSync plugin in the Kaseya VSA IT-infrastructure management platform allows an attacker to execute arbitrary SQL commands.
The vulnerability of the ManagedIT.asmx component of the ConnectWise ManagedITSync business management platform is related to the lack of validation for the validity of XML objects’ sequences. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL commands through th...
Prestashop SQL Injection Vulnerability (CNVD-2022-58389)
Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. Prestashop suffers from a SQL injection vulnerability that originates from the...
74cmsSE SQL Injection Vulnerability (CNVD-2022-61443)
74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE suffers from a SQL injection vulnerability, which originates from a keyword parameter in /home/jobfairol/resumelist that lacks validation for external input SQL statements. An attacker could use this...
Online Discussion Forum Site SQL Injection Vulnerability (CNVD-2022-58959)
Online Discussion Forum Site is an application of Sourcecodester. An online discussion forum, Online Discussion Forum Site is vulnerable to a SQL injection vulnerability in /odfs/posts/viewpost.php that lacks validation of externally entered SQL statements. An attacker could use this vulnerabilit...
Online Ordering System SQL Injection Vulnerability (CNVD-2022-55713)
Online Ordering System is a multi-store ordering system that can be used by any small business. A SQL injection vulnerability exists in Online Ordering System version v2.3.2, which originates from /ordering/admin/store/index.php?view=edit&id= Lack of validation of external input SQL statements c...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48947)
Fast Food Ordering System, a fast food ordering system from the individual developer Carlo Montero, is vulnerable to a SQL injection vulnerability in version 1.0 of Fast Food Ordering System, which originates in /ffos/classes/Master.php?f=delete category page lacks validation of externally entered SQ...