Student-Management-System SQL注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Versions of Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f and earlier have a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Passwor...

SQL Injection

Overview griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database by prompt-injecting the LLM to...

SQL Injection

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database b...

EUVD-2019-20122

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...

EUVD-2019-20121

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...

EUVD-2019-20111

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

EUVD-2019-20117

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

EUVD-2019-20087

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

EUVD-2019-20083

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

EUVD-2019-20085

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

EUVD-2019-20073

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...

EUVD-2019-20071

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

EUVD-2019-20062

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...

EUVD-2019-20060

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...

EUVD-2026-19119

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function executesql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-5596

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVE-2019-25702

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...

CVE-2019-25680

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

CVE-2019-25684

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...