908 matches found
CVE-2024-12969
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. T...
CVE-2024-12963 code-projects Job Recruitment _all_edits.php add_xp sql injection
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function addxp of the file /parse/alledits.php. The manipulation of the argument jobcompany leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2024-12947
A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2024-11819
CVE-2024-11819 affects the 1000 Projects Portfolio Management System MCA 1.0. The vulnerability is an SQL injection in /forgot_password_process.php caused by manipulating the username parameter. Impacted component is unknown code path in that file; attack can be initiated remotely, and the exploi...
CVE-2024-11487 Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection
A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...
Centreon updateAccessGroupLinks_MC SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateAccessGroupLinksMC function. The issue results from the lack of proper validation of a...
CVE-2024-10610 ESAFENET CDG ProtocolService.java delProtocol sql injection
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-10596 ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched...
PT-2024-7609 · Qurouter · Qurouter
Name of the Vulnerable Software and Affected Versions: QuRouter versions prior to 2.4.5.032 Description: A SQL injection vulnerability has been reported to affect QuRouter, allowing remote attackers to inject malicious code if exploited. The vulnerability is related to errors in processing input...
PT-2024-33155 · Unknown · Best Courier Management System
Name of the Vulnerable Software and Affected Versions: Best courier management system in php version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the email parameter of the "login request" API endpoint. This enables the attacker to inject malicious SQL code,...
CVE-2024-10072 ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be...
CVE-2024-9817 code-projects Blood Bank System update.php sql injection
A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed ...
CVE-2024-9294 dingfanzu CMS saveNewPwd.php sql injection
A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection. The attack may be...
CVE-2024-8331 OpenRapid RapidCMS user-move-run.php sql injection
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2024-7461 ForIP Tecnologia Administração PABX monitcallcenter authMonitCallcenter sql injection
A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may...
CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection
A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...
CVE-2024-5753
vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...
CVE-2024-27709
SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component...
CVE-2024-5357 PHPGurukul Zoo Management System forgot-password.php sql injection
A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely...
CVE-2024-4992
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/modkuliah/aksikuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it...