CVE-2024-36428 - Understanding and Exploiting the OrangeHRM 3.3.3 SQL Injection via admin/viewProjects sortOrder
In June 2024, a new SQL Injection vulnerability—CVE-2024-36428—was disclosed in the open-source human resource management platform OrangeHRM version 3.3.3. This vulnerability
CVE-2024-35374 - Remote Code Execution in Mocodo Online via Unsanitized `sql_case` Input
A critical security vulnerability, CVE-2024-35374, has been identified in Mocodo Online, affecting version 4.2.6 and below. This flaw allows attackers to perform remote
CVE-2024-35090 - Exploiting SQL Injection in J2EEFAST v2.7.’s SysUreportFileMapper.xml
In June 2024, a dangerous SQL injection vulnerability, now designated CVE-2024-35090, was disclosed in J2EEFAST v2.7.. This issue affects the findPage function defined in
CVE-2024-35091 - Exploiting SQL Injection in J2EEFAST v2.7. via the `findPage` Function
In June 2024, a serious SQL injection vulnerability dubbed CVE-2024-35091 was disclosed for the open-source enterprise rapid development framework J2EEFAST version 2.7.. This bug
CVE-2024-34936 - SQL Injection in Campcodes Complete Web-Based School Management System 1. (`/view/event1.php` via `month` Parameter)
CVE-2024-34936 is a critical SQL injection vulnerability discovered in the popular Campcodes Complete Web-Based School Management System version 1.. The flaw exists in the /view/