36 matches found
CVE-2025-14209
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2025-14209
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2025-14209
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
EUVD-2025-201656
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2025-14209 Campcodes School File Management System update_query.php sql injection
A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...
PT-2025-49500
Name of the Vulnerable Software and Affected Versions Campcodes School File Management System version 1.0 Description A flaw exists in Campcodes School File Management System that allows for SQL injection. The issue is related to the manipulation of the stud id argument within the /update query.p...
Campcodes School File Management System SQL注入漏洞
CampCodes School File Management System is a school file management system from CampCodes Philippines. A SQL injection vulnerability exists in Campcodes School File Management System version 1.0, which stems from the incorrect manipulation of the parameter studentid in the file /updatequery.php,...
CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php)
PostgreSQL SQL Injection statussql.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in statussql.php. The statussql.php endpoint constructs...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
GHSA-CRMG-RP64-5CM3 MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
CVE-2024-45847
The CVE-2024-45847 entry concerns MindsDB Platform versions 23.11.4.2 through 24.7.4.1 where, when certain integrations are installed, a specially crafted UPDATE query containing Python code is passed to an eval function and executes on the server. Documented across multiple sources (Red Hat, Ver...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
MindsDB 安全漏洞
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions 23.11.4.2 through 24.7.4.1, which stems from the presence of an arbitrary code execution vulnerability that is passed to the eval function and executed on the server if...
CVE-2023-24731
Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function...
Sql injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...
CVE-2011-10003 XpressEngine Update Query sql injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...
CVE-2011-10003
CVE-2011-10003 affects XpressEngine up to version 1.4.4. The issue arises from an unknown processing flaw in the Update Query Handler that enables a SQL injection. The vulnerability is fixed by upgrading to version 1.4.5, with the patch identified as c6e94449f21256d6362450b29c7847305e756ad5. Seve...
CVE-2011-10003 XpressEngine Update Query sql injection
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named...