Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-44337

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-08 May, 2026 | 13:33
Updated At-08 May, 2026 | 14:19
Rejected At-
Credits

PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:08 May, 2026 | 13:33
Updated At:08 May, 2026 | 14:19
Rejected At:
▼CVE Numbering Authority (CNA)
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.

Affected Products
Vendor
MervinPraison
Product
PraisonAI
Versions
Affected
  • >= 2.4.1, < 4.6.34
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
CWECWE-89CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-89
Description: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2
x_refsource_CONFIRM
Hyperlink: https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2
exploit
Hyperlink: https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:08 May, 2026 | 14:16
Updated At:08 May, 2026 | 19:07

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CPE Matches
praison
praison
>>praisonai>>Versions from 2.4.1(inclusive) to 4.6.34(exclusive)
cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarysecurity-advisories@github.com
CWE-89Secondarysecurity-advisories@github.com
CWE ID: CWE-20
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-89
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2security-advisories@github.com
Exploit
Vendor Advisory
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2321Records found
CVE-2024-6902
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 07:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System sort_user.php sql injection

A vulnerability classified as critical was found in SourceCodester Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file sort_user.php. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271927.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6904
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 08:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System sort2_user.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort2_user.php. The manipulation of the argument qualification leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271929 was assigned to this vulnerability.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6956
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.80%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 14:00
Updated-21 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System view_cgpa.php sql injection

A vulnerability was found in itsourcecode University Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view_cgpa.php. The manipulation of the argument VR/VN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272078 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-university_management_systemUniversity Management Systemuniversity_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6652
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.64%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 23:00
Updated-22 Dec, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Gym Management System manage_member.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059.

Action-Not Available
Vendor-admercITSourceCodeAdrian Mercurio
Product-gym_management_systemGym Management Systemgym_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6067
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 21:31
Updated-08 Aug, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Music Class Enrollment System sql injection

A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /mces/?p=class/view_class. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268795.

Action-Not Available
Vendor-music_class_enrollment_system_projectoretnom23SourceCodester
Product-music_class_enrollment_systemMusic Class Enrollment Systemmusic_class_enrollment_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6471
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-03 Jul, 2024 | 13:31
Updated-23 Aug, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Tours & Travels Management sms_setting.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argument uname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270279.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-online_tours_\&_travels_management_systemOnline Tours & Travels Managementonline_tours_and_travels_management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-6982
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.16%
||
7 Day CHG~0.00%
Published-25 Apr, 2026 | 14:30
Updated-27 Apr, 2026 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages can lead to sql injection. The attack may be launched remotely. Upgrading to version 3.8.1 addresses this issue. It is suggested to upgrade the affected component. According to the researcher, "[t]he vendor explicitly stated they will not backport patches to the older affected versions."

Action-Not Available
Vendor-star7th
Product-ShowDoc
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6905
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 09:00
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System view_info_user.php sql injection

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_info_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271930 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-6991
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.97%
||
7 Day CHG~0.00%
Published-25 Apr, 2026 | 17:45
Updated-27 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-colinhacks
Product-Zod
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6215
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 01:00
Updated-23 Aug, 2024 | 02:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System view-ticket-admin.php sql injection

A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file view-ticket-admin.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269279.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management Systemfood_ordering_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6279
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 02:31
Updated-09 Sep, 2024 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lahirudanushka School Management System Exam Results Page examresults-par.php sql injection

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file examresults-par.php of the component Exam Results Page. The manipulation of the argument sid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269492.

Action-Not Available
Vendor-lahirudanushkalahirudanushkalahirudanushka
Product-school_management_systemSchool Management Systemschool_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6008
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.67%
||
7 Day CHG~0.00%
Published-15 Jun, 2024 | 15:00
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Book Store edit_book.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268698 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-ITSourceCode
Product-online_book_store_project_in_php_with_source_codeOnline Book Storeonline_book_store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6729
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 01:00
Updated-26 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Kortex Lite Advocate Office Management System add_act.php sql injection

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /control/add_act.php. The manipulation of the argument aname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-advocate_office_management_systemKortex Lite Advocate Office Management Systemkortex_lite_advocate_office_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6014
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-15 Jun, 2024 | 16:31
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Document Management System edithis.php sql injection

A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268722 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-ITSourceCode
Product-document_management_system_project_in_php_with_source_codeDocument Management Systemdocument_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6901
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 07:00
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System entry.php sql injection

A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0. Affected is an unknown function of the file entry.php. The manipulation of the argument school leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271926 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6372
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 22.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 13:00
Updated-20 Aug, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Tailoring Management System customeradd.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argument fullname/address/phonenumber/sex/email/city/comment leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269805 was assigned to this vulnerability.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-tailoring_management_systemTailoring Management Systemtailoring_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6906
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 09:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System add_leave_non_user.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file add_leave_non_user.php. The manipulation of the argument LSS leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271931.

Action-Not Available
Vendor-jkevSource Code & ProjectsSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6903
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 08:00
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System sort1_user.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Affected by this issue is some unknown functionality of the file sort1_user.php. The manipulation of the argument position leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271928.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6735
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 00:00
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Tailoring Management System setgeneral.php sql injection

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file setgeneral.php. The manipulation of the argument sitename/email/mobile/sms/currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271456.

Action-Not Available
Vendor-ITSourceCode
Product-Tailoring Management Systemtailoring_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6676
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 5.63%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 02:00
Updated-10 Oct, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
witmy my-springsecurity-plus user sql injection

A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271111.

Action-Not Available
Vendor-witmywitmywitmy
Product-my-springsecurity-plusmy-springsecurity-plusmy-springsecurity-plus
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6952
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 11:31
Updated-21 Aug, 2024 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System sql injection

A vulnerability has been found in itsourcecode University Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_single_result.php?vr=123321&vn=mirage. The manipulation of the argument seme leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272074 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-university_management_systemUniversity Management Systemuniversity_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-7023
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-26 Apr, 2026 | 06:30
Updated-01 May, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-cozeByteDance
Product-coze_studiocoze-studio
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6728
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.78%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 00:31
Updated-21 Aug, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Tailoring Management System typeedit.php sql injection

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file typeedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271401 was assigned to this vulnerability.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-tailoring_management_systemTailoring Management Systemtailoring_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2957
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.46%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 06:10
Updated-15 Apr, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple and Nice Shopping Cart Script profile.php sql injection

A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterhabencs
Product-simple_and_nice_shopping_cart_scriptSimple and Nice Shopping Cart Script
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6830
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.37%
||
7 Day CHG~0.00%
Published-17 Jul, 2024 | 16:00
Updated-17 Oct, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Inventory Management System Order action.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Affected is an unknown function of the file action.php of the component Order Handler. The manipulation of the argument order_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271812.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_inventory_management_systemSimple Inventory Management Systemsimple_inventory_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6039
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.13%
||
7 Day CHG~0.00%
Published-16 Jun, 2024 | 22:00
Updated-19 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Feng Office Workspaces sql injection

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Affected is an unknown function of the component Workspaces. The manipulation of the argument dim leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268752.

Action-Not Available
Vendor-fengofficen/a
Product-feng_officeFeng Office
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6016
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-15 Jun, 2024 | 18:31
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268724.

Action-Not Available
Vendor-ITSourceCode
Product-laundry_management_system_project_in_php_with_source_codeOnline Laundry Management Systemonline_laundry_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6007
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2024 | 13:00
Updated-05 Feb, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway deleteiscgwrouteconf.php sql injection

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayapplication_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6266
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 57.67%
||
7 Day CHG~0.00%
Published-23 Jun, 2024 | 02:00
Updated-19 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pear Admin Boot loadDictItem sql injection

A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2. Affected is an unknown function of the file /system/dictData/loadDictItem. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269478 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-pearadminn/apearadmin
Product-pear_admin_bootPear Admin Bootpear_admin_boot
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6440
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.21%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 11:00
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Home Owners Collection Management System sql injection

A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270168.

Action-Not Available
Vendor-home_owners_collection_management_system_projectSourceCodester
Product-home_owners_collection_management_systemHome Owners Collection Management Systemhome_owners_collection_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6731
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 22:00
Updated-26 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Study Center Desk Management System Master.php sql injection

A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=save_student. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-student_study_center_desk_management_systemStudent Study Center Desk Management Systemstudent_study_center_desk_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-7069
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.57%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 15:31
Updated-07 Sep, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects some unknown processing of the file /employee_gatepass/classes/Master.php?f=delete_department. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272351.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging Systememployee_visitor_gatepass_logging_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6900
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 06:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System edit_emp.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edit_emp.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271925 was assigned to this vulnerability.

Action-Not Available
Vendor-jkevSourceCodester
Product-record_management_systemRecord Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6734
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 23:31
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Tailoring Management System templateadd.php sql injection

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file templateadd.php. The manipulation of the argument title/msg leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271455.

Action-Not Available
Vendor-ITSourceCode
Product-Tailoring Management Systemtailoring_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6438
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.06%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 10:31
Updated-01 Aug, 2024 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hitout Carsale OrderController.java sql injection

A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-hitoutHitouthitout
Product-carsaleCarsalecarsale
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6217
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 02:00
Updated-23 Aug, 2024 | 02:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System user-router.php sql injection

A vulnerability classified as critical was found in SourceCodester Food Ordering Management System 1.0. Affected by this vulnerability is an unknown functionality of the file user-router.php. The manipulation of the argument 1_verified leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269281 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-food_ordering_management_systemFood Ordering Management Systemfood_ordering_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6195
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.00%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 16:00
Updated-01 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Tailoring Management System orderadd.php sql injection

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269167.

Action-Not Available
Vendor-ITSourceCode
Product-tailoring_management_system_in_php_with_source_codeTailoring Management Systemtailoring_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6194
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.69%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 15:31
Updated-01 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Tailoring Management System editmeasurement.php sql injection

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269166 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-ITSourceCode
Product-tailoring_management_system_in_php_with_source_codeTailoring Management Systemtailoring_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6951
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 11:00
Updated-14 Aug, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Book Store System admin_delete.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System 1.0. This affects an unknown part of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272073 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_online_book_store_systemSimple Online Book Store Systemsimple_online_book_store_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6416
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.21%
||
7 Day CHG~0.00%
Published-30 Jun, 2024 | 22:00
Updated-05 Apr, 2025 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SeaCMS sql injection

A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270007.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsSeaCMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6452
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.79%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 20:00
Updated-11 Sep, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
linlinjava litemall AdminGoodscontroller.java sql injection

A vulnerability classified as critical was found in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file AdminGoodscontroller.java. The manipulation of the argument goodsId/goodsSn/name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270235.

Action-Not Available
Vendor-linlinjavalinlinjavalitemall_project
Product-litemalllitemalllitemall
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6066
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.56%
||
7 Day CHG~0.00%
Published-17 Jun, 2024 | 21:00
Updated-08 Aug, 2024 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System payment_report.php sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268794 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_house_rental_management_systemBest House Rental Management Systembest_house_rental_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6967
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.94%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 02:31
Updated-07 Sep, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System sql injection

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been classified as critical. This affects an unknown part of the file /employee_gatepass/admin/?page=employee/manage_employee. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272121 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging Systememployee_visitor_gatepass_logging_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6732
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.72%
||
7 Day CHG~0.00%
Published-14 Jul, 2024 | 22:31
Updated-26 Aug, 2024 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Study Center Desk Management System Users.php sql injection

A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. This vulnerability affects unknown code of the file /sscdms/classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-student_study_center_desk_management_systemStudent Study Center Desk Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5893
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.18%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 14:31
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Cab Management System sql injection

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. This affects an unknown part of the file /cms/classes/Users.php?f=delete_client. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268137 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodester
Product-Cab Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5773
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.02%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 03:00
Updated-29 Jan, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netentsec NS-ASG Application Security Gateway deletemacbind.php sql injection

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-netentsecNetentsecnetentsec
Product-application_security_gatewayNS-ASG Application Security Gatewayns-asg_application_security_gateway
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2801
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 54.15%
||
7 Day CHG~0.00%
Published-12 Aug, 2022 | 19:45
Updated-15 Apr, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Automated Beer Parlour Billing System Login sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. This affects an unknown part of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206247.

Action-Not Available
Vendor-automated_beer_parlour_billing_system_projectSourceCodester
Product-automated_beer_parlour_billing_systemAutomated Beer Parlour Billing System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2770
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 54.15%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 11:50
Updated-15 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Online Book Store System book.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to launch the attack remotely. VDB-206166 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-simple_online_book_store_systemSimple Online Book Store System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2876
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.29% / 52.23%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 07:30
Updated-15 Apr, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Management System index.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206634 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-student_management_system_projectSourceCodester
Product-student_management_systemStudent Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-5981
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.96%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 01:00
Updated-16 Aug, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online House Rental System manage_user.php sql injection

A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268458 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-online_house_rental_systemOnline House Rental System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 46
  • 47
  • Next
Details not found