SQL - CVE CyberSecurity Database News (Page 38)

May 30, 2024 SQL PHP

CVE-2024-35350 - SQL Injection Vulnerability in Diño Physics School Assistant 2.3 — Exploit Details & Remediation

--- In June 2024, a critical vulnerability was discovered in the Diño Physics School Assistant, version 2.3, putting school records and sensitive academic data

May 30, 2024 SQL PHP

CVE-2024-35349 - Critical SQL Injection in Diño Physics School Assistant 2.3 – Full Exploit & Analysis

In June 2024, security researchers identified a dangerous SQL Injection vulnerability in Diño Physics School Assistant, version 2.3. The flaw affects the /admin/category/

May 27, 2024 Exploit SQL PHP

CVE-2024-36428 - Understanding and Exploiting the OrangeHRM 3.3.3 SQL Injection via admin/viewProjects sortOrder

In June 2024, a new SQL Injection vulnerability—CVE-2024-36428—was disclosed in the open-source human resource management platform OrangeHRM version 3.3.3. This vulnerability

May 24, 2024 RCE SQL PHP

CVE-2024-35374 - Remote Code Execution in Mocodo Online via Unsanitized `sql_case` Input

A critical security vulnerability, CVE-2024-35374, has been identified in Mocodo Online, affecting version 4.2.6 and below. This flaw allows attackers to perform remote

May 23, 2024 API Exploit SQL Java PHP

CVE-2024-35091 - Exploiting SQL Injection in J2EEFAST v2.7. via the `findPage` Function

In June 2024, a serious SQL injection vulnerability dubbed CVE-2024-35091 was disclosed for the open-source enterprise rapid development framework J2EEFAST version 2.7.. This bug