13139 matches found
PT-2025-50504
Name of the Vulnerable Software and Affected Versions WBCE CMS versions prior to 1.6.5 Description WBCE CMS is a content management system. Versions 1.6.4 and below contain a flaw in the user management module that allows a low-privileged authenticated user with user modification permissions to...
GHSA-898V-775G-777C Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Impact MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...
CVE-2025-12819
Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...
CVE-2025-12819
CVE-2025-12819 affects PgBouncer; untrusted search path in the auth_query startup handling allows an unauthenticated attacker to run arbitrary SQL during authentication via a malicious search_path. Affected: PgBouncer
PgBouncer 安全漏洞
PgBouncer is an open source lightweight connection pool for PostgreSql from the PgBouncer community. A security vulnerability exists in PgBouncer versions prior to 1.25.1, which stems from an untrusted search path in the authquery connection handler, and could allow an unauthorized attacker to...
CVE-2025-65896
SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
PHPGurukul Billing System 安全漏洞
Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that originates when the username parameter in the admin/index.php endpoint is spliced directly into a back-end SQL query without validation. An attacker can exploit this vulnerability by submitting ...
CVE-2025-65896
SQL injection vulnerability in long2ice assyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
PT-2025-48019
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...
EUVD-2025-198260
phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters 'subject', 'server', 'database', 'queryid' without proper validation or access...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
CVE-2025-60798
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
GHSA-FXM2-CMWJ-QVX4 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
Summary An authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ v4.0.13 and prior allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database...
EUVD-2025-44043
An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...
CVE-2025-12405 Unauthorized access through stored credentials in Looker Studio
An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...
CVE-2025-12405 Unauthorized access through stored credentials in Looker Studio
An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...
CVE-2025-63718
The CVE-2025-63718 entry describes a SQL injection in SourceCodester PQMS 1.0 at api_patient_schedule.php, where the appointmentID parameter is not properly sanitized, enabling arbitrary SQL commands. This is evidenced across multiple connected sources (e.g., Red Hat, EUVD, NVD/CVE records, CNVD,...
CVE-2025-64114
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...
EUVD-2025-37959
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...