13176 matches found
CVE-2024-7871
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the word parameter...
CVE-2024-43772
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter...
CVE-2024-43776 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the qlevel parameter...
CVE-2024-43776
This CVE (CVE-2024-43776) concerns a SQL Injection vulnerability in the mock exam function of Easytest Online Test Platform, version 24E01 and earlier. The flaw allows remote authenticated users to execute arbitrary SQL via the qlevel parameter. Affected component: mock exam function; underlying ...
CVE-2024-43775
The CVE-2024-43775 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL Injection in the search course titles function, exploitable by remote authenticated users through the search parameter, enabling arbitrary SQL commands. Evidence from multiple sources c...
CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote authenticated users to execute arbitrary SQL commands via the uid parameter...
CVE-2024-43773 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the cstr parameter...
CVE-2024-43773
CVE-2024-43773 affects Easytest Online Test Platform versions 24E01 and earlier. The vulnerability is a SQL injection in the download class learning course function, exploitable via the cstr parameter, enabling remote attackers to execute arbitrary SQL commands. Impact details are described as po...
CVE-2024-43772
The Easytest Online Test Platform (Huachu) contains an SQL injection in the download student learning course function, exploitable via the uid parameter in versions prior to 24E01. Impact: remote arbitrary SQL execution and potential data access/modification. Mitigation: upgrade to version 24E01 ...
CVE-2024-43772 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter...
CVE-2024-7871
CVE-2024-7871: SQL Injection in the online dictionary function of Easytest Online Test Platform (versions 24E01 and earlier). Root cause: vulnerable handling of the word parameter enables arbitrary SQL execution by remote authenticated users. Impact notes (from CVSS): high confidentiality, integr...
SQL Injection
centreon/centreon is vulnerable to SQL Injection. The vulnerability is due to improper input validation in the service configuration functionality, which allows attackers to execute arbitrary SQL commands through specially crafted inputs...
postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
A vulnerability was found in PostgreSQL. A race condition in pg_dump allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser...
Important: postgresql security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
ALSA-2024:6018 Important: postgresql:13 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
AlmaLinux 8 : postgresql:15 (ALSA-2024:6001)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6001 advisory. postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348) postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack...