70 matches found
CVE-2026-32137 DataEase SQL Injection Vulnerability
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2026-32137 DataEase SQL Injection Vulnerability
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2022-35148
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html...
EUVD-2013-7182
Malware in sbrugna...
Code-Projects Restaurant Order System 注入漏洞
Code-Projects Restaurant Order System is an open source restaurant order system from Code-Projects. An injection vulnerability exists in code-projects Restaurant Order System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file /table.php...
CVE-2023-2114
The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...
Open Solutions For Education OS4Ed OpenSIS SQL注入漏洞
Open Solutions For Education OS4Ed OpenSIS is commercial grade, secure, scalable and intuitive student information system, school management software from Open Solutions For Education, USA. With all the features to run single or multiple organizations in one installation. Web-based, php code, MyS...
PT-2025-6839 · Sourcecodester · Sourcecodester Multi Restaurant Table Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Multi Restaurant Table Reservation System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file select-menu.php. The manipulation of the table argument leads to SQL...
CVE-2025-22964
DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied...
PT-2025-4752 · Ddsn Interactive · Ddsn Interactive Cm3 Acora Cms
Name of the Vulnerable Software and Affected Versions: DDSN Interactive cm3 Acora CMS version 10.1.1 Description: The issue is caused by insufficient input sanitization and validation in the table parameter, leading to an unauthenticated time-based blind SQL Injection. This allows attackers to...
DDSN Interactive cm3 Acora CMS 安全漏洞
DDSN Interactive cm3 Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive cm3 Acora CMS version 10.1.1 that stems from the presence of a SQL injection vulnerability that allows an attacker to execute arbitrary code via the table...
CVE-2024-48074
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...
CVE-2023-47990
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
CVE-2023-47990
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
CVE-2023-47990
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
Sql injection
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
CVE-2023-47990
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
PT-2023-30663 · Cuppacms · Cuppacms
Name of the Vulnerable Software and Affected Versions: CuppaCMS version V1.0 Description: The issue allows attackers to run arbitrary SQL commands via the table parameter in the components/table manager/html/edit admin table.php file. This can be exploited by sending malicious input to the affect...
CVE-2023-34601
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component $businessTable at /act/ActDao.xml...
CVE-2023-2114
The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...