Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2022-3332: vuls/Food Ordering Management System router.php SQL Injection.pdf at main · vuls/vuls

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.

CVE
Open in Source
#sql#vulnerability#php#pdf
CVE-2021-41433: CVE-References/CVE-2021-41433.md at main · martinkubecka/CVE-References

SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php.

CVE-2022-40877: Offensive Security’s Exploit Database Archive

Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.

CVE-2022-40354: Bug_report/SQLi-3.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.

CVE-2022-40353: Bug_report/SQLi-2.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.

CVE-2022-40352: Bug_report/SQLi-1.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.

CVE-2022-3323: Advantech iView ConfigurationServlet setConfiguration SQL Injection

An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.

CVE-2022-37209: GitHub - AgainstTheLight/CVE-2022-37209: CVE-2022-37209 POC

JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.