Lucene search
K

47 matches found

BDU FSTEC
BDU FSTEC
added 2025/02/26 12:0 a.m.7 views

The vulnerability of the WP Sessions Time Monitoring full-automatic content management system plugin allows attackers to execute arbitrary SQL queries.

The vulnerability of the WP Sessions Time Monitoring full-automatic content management system for WordPress exists due to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9.3CVSS5.9AI score0.0106EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/25 12:0 a.m.8 views

The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool allows a malicious individual to gain unauthorized access to the application and execute arbitrary SQL code.

The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool exists due to incorrect implementation of multi-factor authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the application and execute arbitrary SQ...

7.4CVSS7.6AI score0.00629EPSS
Exploits0References7Affected Software4
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.3 views

PT-2024-9375 · Ivanti · Ivanti Cloud Services Appliance

Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.3 Description: The issue is related to a lack of protection against SQL query structure exploitation in the admin web console of Ivanti Cloud Services Appliance. This allows a remote...

10CVSS9.5AI score0.23598EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.8 views

PT-2024-7743 · Cisco · Cisco Nexus Dashboard Fabric Controller

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller NDFC affected versions not specified Description: A vulnerability in the REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated...

9CVSS8.3AI score0.00772EPSS
Exploits0References14
BDU FSTEC
BDU FSTEC
added 2024/03/26 12:0 a.m.7 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...

6.4CVSS6AI score0.003EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/15 12:0 a.m.9 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures regarding SQL query structures. Exploiting this vulnerability allows attackers to execute arbitrary SQL queries against the database...

9.6CVSS8.4AI score0.0997EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/11/22 12:0 a.m.11 views

Vulnerability of the edd_ajax_download_search() function (/includes/ajax-functions.php) of the Easy Digital Downloads plugin in the WordPress content management system, allowing a hacker to execute arbitrary SQL queries

The vulnerability of the eddajaxdownloadsearch function /includes/ajax-functions.php in the Easy Digital Downloads plugin of the WordPress content management system is related to the lack of protection for the SQL query structure when processing the “s” parameter. Exploiting this vulnerability...

10CVSS8.1AI score0.11172EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/20 12:0 a.m.6 views

PT-2023-8619 · Xwiki · Xwiki Admin Tools Application

Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools Application versions prior to 4.5.1 Description: A cross-site request forgery issue in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. This could be used to dama...

10CVSS8.6AI score0.00365EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/11/20 12:0 a.m.5 views

Admin Tools Application Cross-Site Request Forgery Vulnerability

Admin Tools Application is an open source advanced management tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions prior to 4.5.1, which stems from a vulnerability that allows arbitrary database queries to be performed on...

8.8CVSS6.8AI score0.00365EPSS
Exploits0References4
OSV
OSV
added 2022/11/21 11:15 a.m.3 views

CVE-2022-1578

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...

8.8CVSS5.9AI score0.00425EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/01/11 8:15 p.m.3 views

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...

8.8CVSS7.7AI score0.01744EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2021/12/24 12:0 a.m.10 views

The vulnerability of the Apache DolphinScheduler scheduler platform, related to privilege management errors, allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the Apache DolphinScheduler scheduler platform is related to privilege management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries...

9CVSS8.1AI score0.01861EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/11/22 12:0 a.m.5 views

Advantech R-SeeNet SQL注入漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...

7.7CVSS6.3AI score0.01144EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.5 views

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the index.php USERNAME parameter...

10CVSS8.2AI score0.02876EPSS
Exploits2References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/01/28 12:0 a.m.6 views

The vulnerability of the central/executar_login.php component of the Mk-Auth authentication software allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the central/executarlogin.php component of the Mk-Auth authentication software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database in the target...

9.4CVSS8.2AI score0.01137EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/21 12:0 a.m.6 views

The vulnerability of the SiTex-Gosuslu development platform’s component, related to insufficient validation of input data, allows for arbitrary queries to be executed against the database.

The vulnerability of the SiTex development platform’s service component is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary requests to the database using a specially created POST request...

10CVSS5.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/21 12:0 a.m.8 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

5.5CVSS6.3AI score0.00993EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/17 12:0 a.m.7 views

The vulnerability of the web interface of the content management software in the Prime Collaboration Provisioning network allows a hacker to execute arbitrary SQL queries.

The vulnerability in the web interface for managing content in the Prime Collaboration Provisioning network involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

8.7CVSS7.2AI score0.00944EPSS
Exploits0References2
OSV
OSV
added 2020/03/10 1:15 p.m.1 views

CVE-2018-14502

controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters...

9.8CVSS6.1AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/10/09 12:0 a.m.5 views

The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9CVSS5.9AI score0.02965EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder