25 matches found
CVE-2024-25514
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
RuvarOA template_id Parameter SQL Injection Vulnerability
RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter of the /WorkFlow/wfgetfieldsapprove.aspx file against externally entered SQL statements. An attacker ca...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /WorkFlow/wfgetfieldsapprove.aspx...
CVE-2024-25518
RuvarOA v6.01 and v12.01 expose a SQL injection via the template_id parameter on /WorkFlow/wf_get_fields_approve.aspx. Root cause: lack of validation for template_id input, enabling arbitrary SQL execution and potential data disclosure as described across CVE-2024-25518 and related feeds. Documen...
CVE-2024-25514
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...
CVE-2024-25514
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...
CVE-2024-25514
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...
CVE-2024-25514
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the templateid parameter at /SysManage/wftemplatechildfieldlist.aspx...
CVE-2024-25514
RuvarOA versions 6.01 and 12.01 are affected by a SQL injection vulnerability in the template_id parameter of /SysManage/wf_template_child_field_list.aspx. The issue originates from lack of input validation in the affected endpoint. Documented impact includes potential data exposure or manipulati...
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
CVE-2019-17357
Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...
WordPress Gift Vouchers SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers running PHP and MySQL.The Gift Vouchers plugin is an e-gift voucher plugin that is used in... A SQL injection vulnerability exists in the...
CVE-2018-16159
CVE-2018-16159 affects the WordPress Gift Vouchers plugin (versions up to 2.0.1; later fixed in 4.1.8). The vulnerability is a blind SQL injection via the template_id parameter in the wpgv_doajax_front_template AJAX request (wp-admin/admin-ajax.php). Root cause: insufficient input handling for te...
WordPress Gift Voucher 1.0.5 Plugin - template_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'templateid' SQL Injection Google Dork: intext:"/wp-content/plugins/gift-voucher/" Exploit Author: Renos Nikolaou Software Link: https://wordpress.org/plugins/gift-voucher/ Vendor Homepage:...