Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) fil
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) user parameter to /api/man
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalia
Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addal
Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.
Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options;
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.
EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. At
A vulnerability was found in Quantico Tecnologia PRMV 6.48. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Login Endpoint. The manipulat
A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login en
Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtp_server, (2) smtp_account, (3) s
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.1
A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This vulnerability allows authenticated remote attackers to execute arbitrary SQL commands through unsanit
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parame
A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The m
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. At
Page 1+ Next →