Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-41578: Jeecg-boot <=3.5.3 Arbitrary File Read · Issue #1 · Snakinya/Bugs

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.

CVE
#sql#vulnerability#web#windows#apple#js#chrome#webkit
CVE-2023-42268: jeecgboot3.5.3 存在未授权sql注入(布尔盲注绕过) · Issue #5311 · jeecgboot/jeecg-boot

Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.

CVE-2023-41615: Student Management System in PHP | Student Management Project in PHP

Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields.

CVE-2023-41594

Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.

CVE-2021-45811: Enhancesoft – Enhance Your Business Today

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

JPC2 CMS 1.0 SQL Injection

JPC2 CMS version 1.0 suffers from a remote SQL injection vulnerability.

Meeting Room Booking System 1.0 SQL Injection

Meeting Room Booking System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

CVE-2023-39424

A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. This vulnerability requires authentication to be exploited but can be paired with another vulnerability in the platform (CVE-2023-39420, which grants access to hardcoded credentials) to carry the attack without having assigned credentials. 

Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks

Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. Outside of these