21 matches found

Vulnrichment
added 2026/03/17 12:3 a.m. · 2 views

CVE-2026-4289 Tiandy Easy7 Integrated Management Platform getRecByTemplateId sql injection

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5 CVSS · 5.6 AI score · 0.00042 EPSS
Exploits 0 · References 4
CNNVD
added 2026/03/17 12:0 a.m. · 3 views

Tiandy Easy7 Integrated Management Platform SQL injection vulnerability

Tiandy Easy7 Integrated Management Platform is a comprehensive video surveillance management platform developed by Tiandy Company in China. Versions of Tiandy Easy7 Integrated Management Platform prior to 7.17.0 have a SQL injection vulnerability. This vulnerability arises from incorrect handling...

7.5 CVSS · 7.2 AI score · 0.00042 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid a...

8.8 CVSS · 8.6 AI score · 0.01092 EPSS
Exploits 1 · References 2
CNNVD
added 2025/08/27 12:0 a.m. · 2 views

AbanteCart security vulnerability

AbanteCart is an open source e-commerce platform by AbanteCart. A security vulnerability exists in AbanteCart version 1.4.2, which stems from an unvalidated tmplid parameter in index.php, which could lead to a SQL injection attack...

9.8 CVSS · 7.5 AI score · 0.00396 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/01/10 12:0 a.m. · 2 views

PT-2025-1862 · WordPress · Ai Scribe

Name of the Vulnerable Software and Affected Versions: AI Scribe plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to SQL Injection via the template id parameter of the article builder generate data shortcode. This is due to insufficient escaping on the...

6.5 CVSS · 7.8 AI score · 0.00435 EPSS
Exploits 0 · References 7
CNNVD
added 2025/01/10 12:0 a.m. · 1 views

WordPress plugin AI Scribe SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin AI...

6.5 CVSS · 8.8 AI score · 0.00435 EPSS
Exploits 0 · References 2
Patchstack
added 2024/09/25 8:4 a.m. · 3 views

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability

Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability discovered by Ankit Patel in WordPress Plugin HT Mega versions <= 2.6.5...

4.3 CVSS · 7 AI score · 0.00229 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/06/15 12:0 a.m. · 3 views

PT-2024-27891 · WordPress · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer plugin for WordPress versions up to, and including, 4.8 Description: The issue allows authenticated attackers with contributor-level and above permissions to include and execute arbitrary files on the server via the 'td block...

8.8 CVSS · 8 AI score · 0.00667 EPSS
Exploits 0 · References 5
OSV
added 2024/05/08 3:15 p.m. · 1 views

CVE-2024-25518

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...

9.4 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/05/08 12:0 a.m. · 2 views

PT-2024-20979 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the template id parameter at the "/WorkFlow/wf get fields approve.aspx" API endpoint...

9.4 CVSS · 7.4 AI score · 0.00049 EPSS
Exploits 1 · References 6
CNNVD
added 2024/05/07 12:0 a.m. · 2 views

RuvarOA security vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter in the /SysManage/wftemplatechildfieldlist.aspx file against external SQL input. An attacker can exploi...

9.4 CVSS · 8.2 AI score · 0.00109 EPSS
Exploits 1 · References 2
VulnCheck KEV
added 2023/11/26 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2018-16159

The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the templateid parameter in a wp-admin/admin-ajax.php wpgvdoajaxfronttemplate request...

9.8 CVSS · 7.4 AI score · 0.32862 EPSS
Exploits 2 · References 1
SUSE CVE
added 2023/02/15 5:18 a.m. · 2 views

SUSE CVE-2015-4454

SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...

7.5 CVSS · 9.2 AI score · 0.00644 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:35 a.m. · 2 views

SUSE CVE-2017-1000031

SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid and graphtemplateid parameters...

8.8 CVSS · 9.4 AI score · 0.01092 EPSS
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 4:7 a.m. · 1 views

SUSE CVE-2019-17357

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

6.5 CVSS · 6.3 AI score · 0.15491 EPSS
Exploits 0 · References 7
Github Security Blog
added 2022/05/24 5:17 p.m. · 23 views

CSRF vulnerability in Amazon EC2 Plugin

Amazon EC2 Plugin 1.50.1 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows an attacker to provision instances with an attacker-specified template ID. Amazon EC2 Plugin 1.50.2 now requires POST requests f...

4.3 CVSS · 5.1 AI score · 0.00528 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2019/09/23 12:0 a.m. · 3 views

PT-2019-5226 · Cacti +2 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.8 Description: The issue affects how template identifiers are handled in Cacti when a string and a composite id value are used. This can be exploited by an authenticated attacker to extract data from the database...

9.8 CVSS · 6.1 AI score · 0.94469 EPSS
Exploits 163 · References 244
OSV
added 2018/08/30 3:29 p.m. · 3 views

CVE-2018-16159

The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the templateid parameter in a wp-admin/admin-ajax.php wpgvdoajaxfronttemplate request...

9.8 CVSS · 5.8 AI score · 0.32862 EPSS
Exploits 2 · References 2
CNVD
added 2015/06/18 12:0 a.m. · 1 views

Cacti 'get_hash_graph_template' function SQL injection vulnerability

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. The tool obtains data through snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A SQL injection vulnerability exists in the 'get_hash_graph_template...

7.5 CVSS · 8.4 AI score · 0.00644 EPSS
Exploits 0 · References 1
OSV
added 2015/06/17 6:59 p.m. · 1 views

UBUNTU-CVE-2015-4454

SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...

7.5 CVSS · 7.7 AI score · 0.00644 EPSS
Exploits 0 · References 4