37 matches found
CVE-2025-14209
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2025-14209
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2025-14209
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2025-14209 Campcodes School File Management System update_query.php sql injection
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
EUVD-2025-201656
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
Campcodes School File Management System SQL注入漏洞
CampCodes School File Management System is a school file management system from CampCodes Philippines. A SQL injection vulnerability exists in Campcodes School File Management System version 1.0, which stems from the incorrect manipulation of the parameter studentid in the file /updatequery.php,...
PT-2025-49500
Name of the Vulnerable Software and Affected Versions Campcodes School File Management System version 1.0 Description A flaw exists in Campcodes School File Management System that allows for SQL injection. The issue is related to the manipulation of the stud id argument within the /update query.p...
CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php)
PostgreSQL SQL Injection statussql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in statussql.php. The statussql.php endpoint constructs...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues allows a hacker to execute arbitrary code.
The vulnerability of the eval function in software platforms for automating data exchange between MindsDB queues is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted UPDATE query...
GHSA-CRMG-RP64-5CM3 MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
CVE-2024-45847
The CVE-2024-45847 entry concerns MindsDB Platform versions 23.11.4.2 through 24.7.4.1 where, when certain integrations are installed, a specially crafted UPDATE query containing Python code is passed to an eval function and executes on the server. Documented across multiple sources (Red Hat, Ver...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
MindsDB 安全漏洞
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions 23.11.4.2 through 24.7.4.1, which stems from the presence of an arbitrary code execution vulnerability that is passed to the eval function and executed on the server if...
CVE-2023-24731
Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function...
Sql injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...
CVE-2011-10003 XpressEngine Update Query sql injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...
CVE-2011-10003 XpressEngine Update Query sql injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...