
239 matches found

Cvelist
added 2025/01/13 12:0 a.m. · 9 views

CVE-2023-42243

In Selesta Visual Access Manager 4.42.2, an authenticated user can access the administrative page /common/vamSql.php, which allows for arbitrary SQL queries...

0.00231 EPSS
Exploits 0 · References 1

Veracode
added 2024/12/27 6:33 a.m. · 21 views

SQL Injection

github.com/apache/trafficcontrol is vulnerable to SQL Injection. The vulnerability is due to improper input validation in Traffic Ops, allowing a privileged user with roles such as "admin," "federation," "operations," "portal," or "steering" to execute arbitrary SQL queries through...

9.9 CVSS · 7.7 AI score · 0.41841 EPSS
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2024/12/16 12:0 a.m. · 1 views

Trellix Data Loss Prevention SQL Injection Vulnerability

Trellix Data Loss Prevention (Trellix DLP) is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. Trellix Data Loss Prevention (Trellix DLP) version 11.11.1.3 suffers from a SQL injectio...

4.9 CVSS · 8.5 AI score · 0.00744 EPSS
Exploits 0 · References 1

Veracode
added 2024/11/07 7:47 a.m. · 11 views

SQL Injection

Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input sanitization in the /curd/table/list endpoint, which allows attackers to inject arbitrary SQL queries into the database...

9.8 CVSS · 7.6 AI score · 0.00542 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2024/10/18 8:32 a.m. · 17 views

CVE-2024-47487

There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries...

7.2 CVSS · 0.00439 EPSS
Exploits 0 · References 1

CVE
added 2024/10/18 8:32 a.m. · 63 views

CVE-2024-47487

CVE-2024-47487 affects HikCentral Professional. Evidence from connected documents shows a SQL injection vulnerability in HikCentral Professional versions prior to 2.6.0, exploitable by an authenticated user to execute arbitrary SQL queries. The flaw is a remote vulnerability with high impact on c...

8.8 CVSS · 8.3 AI score · 0.00439 EPSS
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2024/06/03 12:0 a.m. · 2 views

The vulnerability in the projets.php script of the SOPlanning CMS system allows a hacker to execute arbitrary SQL queries.

The vulnerability of the projets.php script within the SOPlanning CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

10 CVSS · 5.9 AI score · 0.00241 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2024/04/10 2:15 a.m. · 13 views

CVE-2023-50347

HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...

9.8 CVSS · 5 AI score · 0.00557 EPSS
Exploits 0 · References 1

Redos
added 2024/03/28 12:0 a.m. · 24 views

ROS-20240328-01

GLPI's asset management and data center management software vulnerability is related to the SQL code injection through administration of dashboards. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries...

9.1 CVSS · 8.5 AI score · 0.00576 EPSS
Exploits 0

BDU FSTEC
added 2024/03/18 12:0 a.m. · 1 views

The vulnerability in the sanitize.go component of the PostgreSQL pgx tool set allows a malicious actor to execute arbitrary SQL queries.

The vulnerability in the sanitize.go component of the PostgreSQL pgx tool set is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

8.1 CVSS · 7 AI score · 0.00854 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/02/28 12:0 a.m. · 17 views

CVE-2024-25833

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...

8.1 AI score · 0.02831 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-2074 · Unknown · Subrion Cms

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: The issue is related to a potential SQL injection vulnerability in the ia.core.mysqli.php component of the Subrion CMS system. This could allow a remote attacker to execute arbitrary SQL queries. However...

9.8 CVSS · 7.6 AI score · 0.00654 EPSS
Exploits 1 · References 18

CNVD
added 2024/02/21 12:0 a.m. · 16 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2024-09309)

SINEC NMS is a new generation network management system NMS for digital enterprises. Siemens SINEC NMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...

9.8 CVSS · 8.2 AI score · 0.00654 EPSS
Exploits 0 · References 1

Cvelist
added 2024/02/13 9:0 a.m. · 14 views

CVE-2024-23810

A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...

8.8 CVSS · 9.3 AI score · 0.00654 EPSS
Exploits 0 · References 1

CVE
added 2024/02/13 9:0 a.m. · 89 views

CVE-2024-23810

Siemens SINEC NMS is affected by CVE-2024-23810: all versions prior to 2.0 SP1 are vulnerable to SQL injection in the server database, potentially allowing an unauthenticated attacker to run arbitrary SQL queries. Sources consistently identify this CVE as a SQL-injection issue impacting SINEC NMS...

9.8 CVSS · 9.1 AI score · 0.00654 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/01/09 1:33 a.m. · 4 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

9.6 CVSS · 9.1 AI score · 0.0997 EPSS
Exploits 0 · References 1

Cvelist
added 2024/01/09 1:33 a.m. · 21 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

9.6 CVSS · 9.4 AI score · 0.0997 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/12/29 11:48 a.m. · 5 views

CVE-2023-44088 SQL Injection in Visual Console

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774...

5.9 CVSS · 9 AI score · 0.0073 EPSS
Exploits 2 · References 1

Prion
added 2023/12/08 1:15 a.m. · 13 views

Sql injection

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...

6.5 CVSS · 8.6 AI score · 0.00687 EPSS
Exploits 0 · References 2 · Affected Software 6

Cvelist
added 2023/12/08 12:0 a.m. · 13 views

CVE-2023-43743

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...

9.1 AI score · 0.00687 EPSS
Exploits 0 · References 2