SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
A SQL injection has been found in the SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information in the database. This vulnerability was found on the login page via the "user" parameter.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
Max CVSS
10.0
EPSS Score
0.05%
Published
2024-03-01
Updated
2024-03-01
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-15
Updated
2024-02-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0.
Max CVSS
9.3
EPSS Score
0.04%
Published
2024-02-28
Updated
2024-02-28
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-02-28
Updated
2024-02-28
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-09
Updated
2024-02-12
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-09
Updated
2024-02-12
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-09
Updated
2024-02-12
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1".
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-09
Updated
2024-02-12
Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-09
Updated
2024-02-22
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-14
Updated
2024-02-16
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-14
Updated
2024-02-16
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-14
Updated
2024-02-15
Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-14
Updated
2024-02-15
An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.
Max CVSS
9.8
EPSS Score
0.11%
Published
2024-02-14
Updated
2024-02-15
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.
Max CVSS
9.8
EPSS Score
0.13%
Published
2024-02-07
Updated
2024-02-14