13176 matches found
SQL Injection
Django is vulnerable to SQL injection. The vulnerability exists due to the improper handling of untrusted data in the django.db.models.fields.json.HasKey lookup when used with an Oracle database, allowing attackers to execute arbitrary SQL commands...
SQL Injection
github.com/apache/trafficcontrol is vulnerable to SQL Injection. The vulnerability is due to improper input validation in Traffic Ops, allowing a privileged user with roles such as "admin," "federation," "operations," "portal," or "steering" to execute arbitrary SQL queries through...
Trellix Data Loss Prevention SQL Injection Vulnerability
Trellix Data Loss Prevention (Trellix DLP) is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. Trellix Data Loss Prevention (Trellix DLP) version 11.11.1.3 suffers from a SQL injectio...
CVE-2024-54811
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter...
CVE-2024-54811
PHPGurukul Park Ticketing Management System v1.0 is affected by a SQL injection in /index.php via the login parameter. Root cause, per connected sources, is lack of input validation/external SQL handling, enabling execution of arbitrary SQL commands. Affected component: /index.php in PHPGurukul P...
CVE-2024-11773
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...
CVE-2024-11773
Ivanti Cloud Security Appliance (CSA) admin web console prior to 5.0.3 is affected by a SQL injection that can be exploited by a remote authenticated attacker with admin privileges to execute arbitrary SQL statements. The issue is confirmed in CVE-2024-11773; affected product/version is CSA befor...
CVE-2024-54922
CVE-2024-54922 affects Kashipara E-learning Management System v1.0. A SQL Injection vulnerability exists in the web endpoint/workflow involving the file /admin/edit_user.php, impacting input parameters firstname, lastname, and username. The flaw allows remote attackers to execute arbitrary SQL...
CVE-2024-54931
A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...
CVE-2024-54923
A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...
CVE-2024-54921
A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...
Astra Linux – Vulnerability in PostgreSQL-15
The Time-of-Check Time-of-Use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions while the user running pg_dump is a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for...
CVE-2024-50970
A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2024-50971
A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mapid parameter...
CVE-2024-50972
CVE-2024-50972 affects Itsourcecode Construction Management System 1.0. A SQL injection flaw exists in printtool.php that allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. The issue is supported by multiple sources (NVD, Red Hat, CNNVD, PT Security, CIRCL, CVE...
CVE-2024-50972
A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrowid parameter...