Lucene search
K

908 matches found

NVD
NVD
added 2024/12/26 11:15 p.m.18 views

CVE-2024-12969

A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. T...

9.8CVSS0.00607EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/12/26 7:31 p.m.35 views

CVE-2024-12963 code-projects Job Recruitment _all_edits.php add_xp sql injection

A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function addxp of the file /parse/alledits.php. The manipulation of the argument jobcompany leads to sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS0.00636EPSS
Exploits1References5
NVD
NVD
added 2024/12/26 11:15 a.m.25 views

CVE-2024-12947

A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be launched remotely. The exploit has been...

9.8CVSS0.00532EPSS
Exploits1References4
CVE
CVE
added 2024/11/26 11:31 p.m.58 views

CVE-2024-11819

CVE-2024-11819 affects the 1000 Projects Portfolio Management System MCA 1.0. The vulnerability is an SQL injection in /forgot_password_process.php caused by manipulating the username parameter. Impacted component is unknown code path in that file; attack can be initiated remotely, and the exploi...

9.8CVSS7.5AI score0.00628EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/11/20 4:0 p.m.48 views

CVE-2024-11487 Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection

A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...

6.5CVSS0.004EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2024/11/06 12:0 a.m.13 views

Centreon updateAccessGroupLinks_MC SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateAccessGroupLinksMC function. The issue results from the lack of proper validation of a...

4.7CVSS6.8AI score0.02154EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/01 1:31 a.m.24 views

CVE-2024-10610 ESAFENET CDG ProtocolService.java delProtocol sql injection

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

6.5CVSS0.00508EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/10/31 9:0 p.m.12 views

CVE-2024-10596 ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched...

6.5CVSS6.7AI score0.00543EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.4 views

PT-2024-7609 · Qurouter · Qurouter

Name of the Vulnerable Software and Affected Versions: QuRouter versions prior to 2.4.5.032 Description: A SQL injection vulnerability has been reported to affect QuRouter, allowing remote attackers to inject malicious code if exploited. The vulnerability is related to errors in processing input...

10CVSS9.7AI score0.00833EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.7 views

PT-2024-33155 · Unknown · Best Courier Management System

Name of the Vulnerable Software and Affected Versions: Best courier management system in php version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the email parameter of the "login request" API endpoint. This enables the attacker to inject malicious SQL code,...

9.8CVSS8.3AI score0.00864EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/10/17 4:31 p.m.12 views

CVE-2024-10072 ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be...

6.5CVSS7.2AI score0.00492EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/10/10 10:31 p.m.33 views

CVE-2024-9817 code-projects Blood Bank System update.php sql injection

A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed ...

6.5CVSS0.00517EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/09/27 9:31 p.m.11 views

CVE-2024-9294 dingfanzu CMS saveNewPwd.php sql injection

A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection. The attack may be...

6.5CVSS7.3AI score0.00324EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/30 11:0 a.m.27 views

CVE-2024-8331 OpenRapid RapidCMS user-move-run.php sql injection

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit ha...

6.5CVSS0.0058EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/08/04 11:31 p.m.10 views

CVE-2024-7461 ForIP Tecnologia Administração PABX monitcallcenter authMonitCallcenter sql injection

A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may...

7.3CVSS7.2AI score0.00546EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/31 10:0 p.m.9 views

CVE-2024-7327 Xinhu RockOA openmodhetongAction.php dataAction sql injection

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS7.2AI score0.00514EPSS
Exploits1References4
NVD
NVD
added 2024/07/05 8:15 p.m.46 views

CVE-2024-5753

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...

7.5CVSS0.00604EPSS
Exploits0References1
NVD
NVD
added 2024/07/05 5:15 p.m.13 views

CVE-2024-27709

SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component...

9.8CVSS0.00638EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/26 8:0 a.m.34 views

CVE-2024-5357 PHPGurukul Zoo Management System forgot-password.php sql injection

A vulnerability has been found in PHPGurukul Zoo Management System 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely...

7.5CVSS7.5AI score0.00482EPSS
Exploits0References4
NVD
NVD
added 2024/05/16 12:15 p.m.17 views

CVE-2024-4992

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/modkuliah/aksikuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it...

9.8CVSS9.6AI score0.00487EPSS
Exploits0References1
Rows per page
Query Builder