Lucene search
K

70 matches found

Vulnrichment
Vulnrichment
added 2026/03/12 5:53 p.m.2 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 5:53 p.m.5 views

CVE-2026-32137 DataEase SQL Injection Vulnerability

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

9.3CVSS5.8AI score0.00418EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.5 views

CVE-2022-35148

maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html...

6.5CVSS8.3AI score0.00587EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-7182

Malware in sbrugna...

6.5CVSS6.4AI score0.02401EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.4 views

Code-Projects Restaurant Order System 注入漏洞

Code-Projects Restaurant Order System is an open source restaurant order system from Code-Projects. An injection vulnerability exists in code-projects Restaurant Order System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file /table.php...

8.8CVSS6.9AI score0.00342EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 3:3 a.m.11 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

7.2CVSS9.1AI score0.44629EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/04/02 12:0 a.m.4 views

Open Solutions For Education OS4Ed OpenSIS SQL注入漏洞

Open Solutions For Education OS4Ed OpenSIS is commercial grade, secure, scalable and intuitive student information system, school management software from Open Solutions For Education, USA. With all the features to run single or multiple organizations in one installation. Web-based, php code, MyS...

7.5CVSS7.4AI score0.00433EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.6 views

PT-2025-6839 · Sourcecodester · Sourcecodester Multi Restaurant Table Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Multi Restaurant Table Reservation System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file select-menu.php. The manipulation of the table argument leads to SQL...

8.8CVSS8.1AI score0.00349EPSS
Exploits0References12
OSV
OSV
added 2025/01/15 11:15 p.m.6 views

CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied...

8.1CVSS5.8AI score0.00906EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.9 views

PT-2025-4752 · Ddsn Interactive · Ddsn Interactive Cm3 Acora Cms

Name of the Vulnerable Software and Affected Versions: DDSN Interactive cm3 Acora CMS version 10.1.1 Description: The issue is caused by insufficient input sanitization and validation in the table parameter, leading to an unauthenticated time-based blind SQL Injection. This allows attackers to...

8.1CVSS7.4AI score0.00906EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.5 views

DDSN Interactive cm3 Acora CMS 安全漏洞

DDSN Interactive cm3 Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive cm3 Acora CMS version 10.1.1 that stems from the presence of a SQL injection vulnerability that allows an attacker to execute arbitrary code via the table...

8.1CVSS8.5AI score0.00906EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/28 12:0 a.m.15 views

CVE-2024-48074

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...

0.00653EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/12/20 7:15 p.m.6 views

CVE-2023-47990

SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...

9.8CVSS6.1AI score0.0078EPSS
Exploits1References2
NVD
NVD
added 2023/12/20 7:15 p.m.29 views

CVE-2023-47990

SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...

9.8CVSS0.0078EPSS
Exploits1References1
OSV
OSV
added 2023/12/20 7:15 p.m.4 views

CVE-2023-47990

SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...

9.8CVSS6AI score
Exploits0References1
Prion
Prion
added 2023/12/20 7:15 p.m.16 views

Sql injection

SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...

7.5CVSS8.7AI score0.0078EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/12/20 12:0 a.m.23 views

CVE-2023-47990

SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...

10AI score0.0078EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.5 views

PT-2023-30663 · Cuppacms · Cuppacms

Name of the Vulnerable Software and Affected Versions: CuppaCMS version V1.0 Description: The issue allows attackers to run arbitrary SQL commands via the table parameter in the components/table manager/html/edit admin table.php file. This can be exploited by sending malicious input to the affect...

9.8CVSS7.5AI score0.0078EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/06/22 11:15 a.m.3 views

CVE-2023-34601

Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component $businessTable at /act/ActDao.xml...

9.8CVSS7.4AI score0.00692EPSS
Exploits1References2
OSV
OSV
added 2023/05/08 2:15 p.m.2 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

7.2CVSS7.2AI score0.44629EPSS
Exploits3References2
Rows per page
Query Builder