47 matches found
The vulnerability of the WP Sessions Time Monitoring full-automatic content management system plugin allows attackers to execute arbitrary SQL queries.
The vulnerability of the WP Sessions Time Monitoring full-automatic content management system for WordPress exists due to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool allows a malicious individual to gain unauthorized access to the application and execute arbitrary SQL code.
The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool exists due to incorrect implementation of multi-factor authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the application and execute arbitrary SQ...
PT-2024-9375 · Ivanti · Ivanti Cloud Services Appliance
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.3 Description: The issue is related to a lack of protection against SQL query structure exploitation in the admin web console of Ivanti Cloud Services Appliance. This allows a remote...
PT-2024-7743 · Cisco · Cisco Nexus Dashboard Fabric Controller
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller NDFC affected versions not specified Description: A vulnerability in the REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.
The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures regarding SQL query structures. Exploiting this vulnerability allows attackers to execute arbitrary SQL queries against the database...
Vulnerability of the edd_ajax_download_search() function (/includes/ajax-functions.php) of the Easy Digital Downloads plugin in the WordPress content management system, allowing a hacker to execute arbitrary SQL queries
The vulnerability of the eddajaxdownloadsearch function /includes/ajax-functions.php in the Easy Digital Downloads plugin of the WordPress content management system is related to the lack of protection for the SQL query structure when processing the “s” parameter. Exploiting this vulnerability...
PT-2023-8619 · Xwiki · Xwiki Admin Tools Application
Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools Application versions prior to 4.5.1 Description: A cross-site request forgery issue in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. This could be used to dama...
Admin Tools Application Cross-Site Request Forgery Vulnerability
Admin Tools Application is an open source advanced management tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions prior to 4.5.1, which stems from a vulnerability that allows arbitrary database queries to be performed on...
CVE-2022-1578
The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...
CVE-2021-43971
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...
The vulnerability of the Apache DolphinScheduler scheduler platform, related to privilege management errors, allows a malicious actor to execute arbitrary SQL queries.
The vulnerability of the Apache DolphinScheduler scheduler platform is related to privilege management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries...
Advantech R-SeeNet SQL注入漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the index.php USERNAME parameter...
The vulnerability of the central/executar_login.php component of the Mk-Auth authentication software allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the central/executarlogin.php component of the Mk-Auth authentication software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database in the target...
The vulnerability of the SiTex-Gosuslu development platform’s component, related to insufficient validation of input data, allows for arbitrary queries to be executed against the database.
The vulnerability of the SiTex development platform’s service component is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary requests to the database using a specially created POST request...
The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a attacker to execute arbitrary SQL queries.
The vulnerability in the vManage web interface of the Cisco SD-WAN software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the web interface of the content management software in the Prime Collaboration Provisioning network allows a hacker to execute arbitrary SQL queries.
The vulnerability in the web interface for managing content in the Prime Collaboration Provisioning network involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
CVE-2018-14502
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters...
The vulnerability in the web interface of the software-hardware management interface for Cisco Firepower Management Center allows a malicious actor to execute arbitrary SQL queries.
The vulnerability of the web interface for managing the software-hardware environment of Cisco Firepower Management Center is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...