1303 matches found

CNNVD
added 2024/09/25 12:00 a.m., 7 views

WordPress plugin REST API TO MiniProgram Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.5, AI score 6.7, EPSS 0.03631
Exploits 1, References 3
Vulnrichment
added 2024/09/20 7:01 p.m., 13 views

CVE-2024-47062 Multiple SQL Injections and ORM Leak in navidrome

Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...

CVSS 9.4, AI score 7.4, EPSS 0.04486
Exploits 2, References 1
CVE
added 2024/09/20 7:01 p.m., 86 views

CVE-2024-47062

Navidrome (

CVSS 9.4, AI score 7, EPSS 0.04486
Exploits 2, References 1, Affected Software 1
NVD
added 2024/09/05 8:15 p.m., 22 views

CVE-2024-8395

FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication...

CVSS 9.8, EPSS 0.0074
Exploits 1, References 1
Vulnrichment
added 2024/08/21 4:14 p.m., 15 views

CVE-2024-5723 Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability

Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateServiceHost...

CVSS 8.8, AI score 8.9, EPSS 0.40669
Exploits 0, References 1
BDU FSTEC
added 2024/08/21 12:00 a.m., 2 views

The vulnerability in the implementation of the get_component_fields method of the comments module in the Netcat CMS system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the get_component_fields method in the comments module of the Netcat CMS system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information from...

CVSS 9.1, AI score 5.6
Exploits 0, References 1, Affected Software 1
CNNVD
added 2024/07/11 12:00 a.m., 2 views

WordPress plugin WP ERP Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.8, AI score 7.2, EPSS 0.00535
Exploits 0, References 3
Cvelist
added 2024/07/08 2:52 p.m., 56 views

CVE-2024-39677 NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities

NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString. Callers of these methods are exposed to the vulnerability, which includes mappings using inheritance with discriminator values; HQL...

CVSS 5.9, EPSS 0.00578
Exploits 0, References 5
BDU FSTEC
added 2024/06/13 12:00 a.m., 3 views

The vulnerability of the SEMCMS_Download.php script of the website management system for foreign trade enterprises SemCms allows a hacker to execute arbitrary SQL queries and gain unauthorized access to protected information.

The vulnerability of the SEMCMS_Download.php script of the website management system for SemCms foreign trade enterprises is related to the lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries and gain unauthorized...

CVSS 6.5, AI score 6, EPSS 0.00391
Exploits 1, References 3, Affected Software 1
Zero Day Initiative
added 2024/06/12 12:00 a.m., 15 views

Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. Whe...

CVSS 7.5, AI score 6.8, EPSS 0.01271
Exploits 0, References 1
Positive Technologies
added 2024/06/10 12:00 a.m., 2 views

PT-2024-37101 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...

CVSS 8.8, AI score 8, EPSS 0.47648
Exploits 0, References 10
CVE
added 2024/06/07 12:56 p.m., 69 views

CVE-2024-36673

CVE-2024-36673 affects Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0. The vulnerability is an SQL Injection in login.php caused by inadequate validation of the email and password inputs, enabling injection of malicious SQL queries. Documented impact is high for confidentiality, i...

CVSS 9.8, AI score 7.8, EPSS 0.00524
Exploits 1, References 1, Affected Software 1
BDU FSTEC
added 2024/06/03 12:00 a.m., 2 views

The vulnerability in the projets.php script of the SOPlanning CMS system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the projets.php script within the SOPlanning CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 10, AI score 5.9, EPSS 0.00241
Exploits 1, References 4, Affected Software 1
Zero Day Initiative
added 2024/05/24 12:00 a.m., 16 views

Ivanti Endpoint Manager RecordBrokenApp SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the RecordBrokenApp method. The issue results from the lac...

CVSS 9.8, AI score 8.1, EPSS 0.99877
Exploits 0, References 1
Zero Day Initiative
added 2024/05/24 12:00 a.m., 26 views

Ivanti Endpoint Manager GetRulesetsSQL SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetRulesetsSQL method. The issue results from the lack of proper validation of a...

CVSS 7.2, AI score 8.1, EPSS 0.08484
Exploits 0, References 1
Zero Day Initiative
added 2024/05/24 12:00 a.m., 20 views

Ivanti Endpoint Manager GetLogFileRulesNameUniqueSQL SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesNameUniqueSQL method. The issue results from the lack of proper...

CVSS 7.2, AI score 8.1, EPSS 0.08484
Exploits 0, References 1
Veracode
added 2024/05/22 9:41 a.m., 10 views

Information Disclosure

neos/flow is vulnerable to Information Disclosure. The vulnerability is due to entity security not properly integrating with the doctrine query cache, allowing users to reuse cached SQL queries built for other users based on their roles rather than their specific properties, potentially revealing...

AI score 7.7
Exploits 0
NVD
added 2024/05/16 3:15 a.m., 19 views

CVE-2024-3750

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

CVSS 8.8, AI score 8.8, EPSS 0.00614
Exploits 0, References 4
CVE
added 2024/05/16 2:36 a.m., 67 views

CVE-2024-3750

CVE-2024-3750 affects Visualizer: Tables and Charts Manager for WordPress. Root cause: missing capability check in getQueryData() across all versions up to 3.10.15, enabling authenticated users with subscriber-level access and above to run arbitrary SQL queries, with potential privilege escalatio...

CVSS 8.8, AI score 7.1, EPSS 0.00614
Exploits 0, References 4
Tenable Nessus
added 2024/05/11 12:00 a.m., 23 views

RHEL 7 : mariadb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mariadb: CONNECT storage engine heap-based buffer overflow CVE-2022-24052 - getsortbytable in MariaDB...

AI score 8.7, EPSS 0.02357
Exploits 35, References 46