Virtua Software Cobranca <12R - Blind SQL Injection

Virtua Cobranca before 12R allows blind SQL injection on the login page. id: CVE-2021-37589 info: name: Virtua Software Cobranca 12R - Blind SQL Injection author: princechaddha severity: high description: | Virtua Cobranca before 12R allows blind SQL injection on the login page. impact: |...

MetInfo 7.0.0 beta - SQL Injection

MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=languagegeneral&a=doSearchParameter appno parameter a different issue than CVE-2019-16997. id: CVE-2019-17418 info: name: MetInfo 7.0.0 beta - SQL Injection author: ritikchaddha severity: high description: | MetInfo...

phpMyAdmin <4.8.5 - Local File Inclusion

phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfi...

Popup Builder Plugin - SQL Injection and Cross-Site Scripting

The Popup Builder WordPress plugin before 4.1.1 is vulnerable to SQL Injection and Reflected XSS via the sgpb-subscription-popup-id parameter. id: CVE-2022-0479 info: name: Popup Builder Plugin - SQL Injection and Cross-Site Scripting author: ritikchaddha severity: critical description: | The Pop...

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

rConfig 3.9 - SQL Injection

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. id: CVE-2020-10220 info: name: rConfig 3.9 - SQL Injection author: ritikchaddha,theamanrawat severity: critical description: | An issue was discovered i...

Quiz Maker <= 6.5.8.3 - SQL Injection

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'aysquestions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection

WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discountcode in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection

The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...

Opencart Divido - Sql Injection

OpenCart Divido plugin is susceptible to SQL injection id: CVE-2018-11231 info: name: Opencart Divido - Sql Injection author: ritikchaddha severity: high description: | OpenCart Divido plugin is susceptible to SQL injection impact: | This vulnerability can lead to data theft, unauthorized access,...

Gogs (Go Git Service) - SQL Injection

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

School Dormitory Management System 1.0 - SQL Injection

School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/paymenthistory.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-30512 info:...

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection

The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

PrestaShop Responsive Mega Menu Module - Remote Code Execution

The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or...

WordPress RSVPMaker <=9.3.2 - SQL Injection

WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in /rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute...

Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software

Summary Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.25 Vulnerability Details CVEID:CVE-2026-30951 DESCRIPTION: Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The...

WordPress GEO my WP plugin <= 4.5.5 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin GEO my WordPress versions = 4.5.5...