Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

Global Multi School Management System Express 1.0 SQL Injection

Global Multi School Management System Express version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#web#mac#windows#apple#linux#auth#chrome#webkit
OVOO Movie Portal CMS 3.3.3 SQL Injection

OVOO Movie Portal CMS version 3.3.3 suffers from a remote SQL injection vulnerability.

Taskhub CRM Tool 2.8.6 SQL Injection

Taskhub CRM Tool version 2.8.6 suffers from a remote SQL injection vulnerability.

Credit Lite 1.5.4 SQL Injection

Credit Lite version 1.5.4 suffers from a remote SQL injection vulnerability.

Event Locations CMS 1.0.1 Shell Upload

Event Locations CMS version 1.0.1 suffers from a remote shell upload vulnerability.

CVE-2023-38899: sql sql injection · Issue #2 · berkaygediz/O_Blog

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.

CVE-2023-39939: LuxSoft Home

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.

CVE-2023-4449: vuls/README.md at main · Jacky-Y/vuls

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability.

CVE-2023-4447: SQL injection vulnerability exists in RapidCMS Dev.1.3.1 · Issue #4 · OpenRapid/rapidcms

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568.

CVE-2023-4448: 1.3.1.2 · OpenRapid/rapidcms@4dff387

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.