Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-25517

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 May, 2024 | 00:00
Updated At-01 Aug, 2024 | 23:44
Rejected At-
Credits

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 May, 2024 | 00:00
Updated At:01 Aug, 2024 | 23:44
Rejected At:
▼CVE Numbering Authority (CNA)

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspx
N/A
Hyperlink: https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspx
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
guangzhou_luhua_information_technology
Product
ruvaroa
CPEs
  • cpe:2.3:a:guangzhou_luhua_information_technology:ruvaroa:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 6.01,12.01
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspx
x_transferred
Hyperlink: https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspx
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 May, 2024 | 15:15
Updated At:17 Apr, 2025 | 17:20

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ruvar
ruvar
>>ruvaroa>>6.01
cpe:2.3:a:ruvar:ruvaroa:6.01:*:*:*:*:*:*:*
ruvar
ruvar
>>ruvaroa>>12.01
cpe:2.3:a:ruvar:ruvaroa:12.01:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspxcve@mitre.org
Exploit
Third Party Advisory
https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspxaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspx
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://gist.github.com/Mr-xn/bc8261a5c3e35a72768723acf1da358d#mfaspx
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4976Records found
CVE-2024-25520
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.24%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25525
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.42%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25523
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 17.24%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25529
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 52.85%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.

Action-Not Available
Vendor-ruvarn/aguangzhou_luhua_information_technology
Product-ruvaroan/aruvaroa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25508
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.

Action-Not Available
Vendor-ruvarn/aguangzhou_luhua_information_technology
Product-ruvaroan/aruvaroa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25530
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25519
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx.

Action-Not Available
Vendor-ruvarn/aguangzhou_luhua_information_technology
Product-ruvaroan/aruvaroa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25510
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.

Action-Not Available
Vendor-ruvarn/aguangzhou_luhua_information_technology
Product-ruvaroan/aruvaroa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25532
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.33%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25531
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25528
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.

Action-Not Available
Vendor-ruvarn/aguangzhou_luhua_information_technology
Product-ruvaroan/aruvaroa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25526
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.06% / 17.24%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25521
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.04% / 10.20%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25527
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.07% / 21.06%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25507
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25511
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25518
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25513
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 16.97%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.

Action-Not Available
Vendor-ruvarn/aguangzhou_luhua_information_technology
Product-ruvaroan/aruvaroa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25524
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25515
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 13.28%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25512
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.12% / 31.02%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.

Action-Not Available
Vendor-ruvarn/aguangzhou_luhua_information_technology
Product-ruvaroan/aruvaroa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25509
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25533
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.16% / 37.39%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25522
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.04% / 9.48%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 00:00
Updated-17 Apr, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25514
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.08% / 24.33%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 00:00
Updated-16 Apr, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx.

Action-Not Available
Vendor-ruvarn/aruvar
Product-ruvaroan/aruvarOA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.82%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-05 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.

Action-Not Available
Vendor-mkcms_projectn/a
Product-mkcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30058
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.07%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

novel-plus 3.6.2 is vulnerable to SQL Injection.

Action-Not Available
Vendor-n/axxyopen (Novel Plus)
Product-novel-plusn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29629
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.09%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 00:00
Updated-31 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php.

Action-Not Available
Vendor-jmsthemelayout_projectn/a
Product-jmsthemelayoutn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39887
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-45.77% / 97.53%
||
7 Day CHG-7.72%
Published-16 Jul, 2024 | 09:20
Updated-13 Feb, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection. This issue affects Apache Superset: before 4.0.2. Users are recommended to upgrade to version 4.0.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-supersetApache Superset
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-50.17% / 97.75%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 00:00
Updated-27 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find().

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-possearchproductsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-23711
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.29%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 16:07
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.

Action-Not Available
Vendor-naviwebsn/a
Product-navigate_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3047
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 11:41
Updated-03 Jan, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLi in TMT's Lockcell

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.

Action-Not Available
Vendor-tmtmakineTMT
Product-lockcell_firmwarelockcellLockcell
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-10001
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 15:58
Updated-07 Aug, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iamdroppy phoenixcf articles.cfm sql injection

A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch is named d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491.

Action-Not Available
Vendor-phoenixcf_projectiamdroppy
Product-phoenixcfphoenixcf
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-42572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-21 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.

Action-Not Available
Vendor-arajajyothibabun/aarajajyothibabu
Product-school_management_systemn/aschool_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-40072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 19.94%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.

Action-Not Available
Vendor-n/aoretnom23
Product-online_id_generator_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-10003
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.45%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 21:00
Updated-25 Mar, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XpressEngine Update Query sql injection

A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247.

Action-Not Available
Vendor-xpressenginen/a
Product-xpressengineXpressEngine
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-22209
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-45.91% / 97.54%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 17:48
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.

Action-Not Available
Vendor-74cmsn/a
Product-74cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-10002
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.15%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 17:00
Updated-07 Aug, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
weblabyrinth labyrinth.inc.php Labyrinth sql injection

A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifier of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability.

Action-Not Available
Vendor-weblabyrinth_projectn/a
Product-weblabyrinthweblabyrinth
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.09%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 00:00
Updated-08 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.

Action-Not Available
Vendor-joommastersn/a
Product-jmspagebuildern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-23898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-82.82% / 99.20%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 18:01
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.

Action-Not Available
Vendor-mingsoftn/a
Product-mcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.58% / 92.97%
||
7 Day CHG~0.00%
Published-02 Jun, 2023 | 00:00
Updated-31 Jan, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.

Action-Not Available
Vendor-ebewen/aPrestaShop S.A
Product-city_autocompleteprestashopn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-23973
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.24%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 13:21
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter.

Action-Not Available
Vendor-kandnconcepts_club_cms_projectn/a
Product-kandnconcepts_club_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-23902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.60%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 20:18
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.

Action-Not Available
Vendor-tongda2000n/a
Product-tongda_office_anywheren/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 19.29%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.

Action-Not Available
Vendor-lmxcmsn/a
Product-lmxcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.48% / 64.01%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 00:00
Updated-10 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.

Action-Not Available
Vendor-horizoncloudn/ahorizoncloud
Product-catereasen/acaterease
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 76.27%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.

Action-Not Available
Vendor-n/aoretnom23
Product-judging_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39309
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.81% / 89.08%
||
7 Day CHG+2.07%
Published-01 Jul, 2024 | 21:15
Updated-02 Aug, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available.

Action-Not Available
Vendor-parse-communityparse_community
Product-parse-serverparse_server
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-24263
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 83.11%
||
7 Day CHG~0.00%
Published-31 Jan, 2022 | 21:27
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-hospital_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-3003
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 08:31
Updated-02 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Train Station Ticketing System GET Parameter manage_prices.php sql injection

A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_prices.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230347.

Action-Not Available
Vendor-train_station_ticketing_system_projectSourceCodester
Product-train_station_ticketing_systemTrain Station Ticketing System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2955
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.23%
||
7 Day CHG~0.00%
Published-29 May, 2023 | 07:00
Updated-02 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Students Online Internship Timesheet System GET Parameter rendered_report.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-students_online_internship_timesheet_system_projectSourceCodester
Product-students_online_internship_timesheet_systemStudents Online Internship Timesheet System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 99
  • 100
  • Next
Details not found