303 matches found
Veritas Technologies Infoscale Operations Manager SQL Injection Vulnerability
Veritas Technologies Infoscale Operations Manager is a suite of software from Veritas Technologies, Inc. that is used to manage the entire InfoScale deployment. The software provides multi-cluster management, customized interfaces, and centralized audit logging. A SQL injection vulnerability exis...
Apache InLong SQL Injection Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation of the United States. Apache InLong suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to view, add, modify, or delete information in a back-end database...
Apache InLong SQL Injection Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation of the United States. Apache InLong suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to view, add, modify, or delete information in a back-end database...
Simple E-Commerce System SQL Injection Vulnerability
Alphaware Simple E-Commerce System is an e-commerce system by the individual developer razormist. A security vulnerability exists in Alphaware Simple E-Commerce System v1.0. An attacker can exploit the vulnerability to send commands to the backend database system via /alphaware/details.php?id...
Two Stored XSS in Instructions and User Widget
Stored XSS 1. Description 1: The sanitizer function noxsshtml$html can be bypassed since it fails to ban the tag of in $bannedelements = 'script', 'iframe', 'embed';. Because of this omission, a logged-in admin can maliciously inject XSS payloads like in the backend database using the point POST...
CVE-2022-41731
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402...
Zoho Addresses SQL Injection Vulnerability in ManageEngine Products
Summary: A security flaw affecting multiple ManageEngine products, identified as CVE-2022-47523, is an SQL injection vulnerability found in Zoho's Password Manager Pro Secure Vault, PAM360 Privileged...
PT-2022-16542 · Unknown · Feathers-Sequelize +1
Name of the Vulnerable Software and Affected Versions: Feathers js library (affected versions not specified). Description: The issue is related to improper input validation in the Feathers js library, which can lead to a SQL injection attack on the back-end database when the feathers-sequelize packa...
Rockwell Automation Factory Talk VantagePoint Security Vulnerability
Rockwell Automation Factory Talk VantagePoint is an advanced industrial application ecosystem from Rockwell Automation, Inc. An access control error vulnerability exists in Rockwell Automation Factory Talk VantagePoint, which stems from improper access control of its FactoryTalk VantagePoint...
CVE-2022-22463
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 22507...
Car Rental Management System SQL Injection Vulnerability
Car Rental Management System is a car rental management system. A SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...
katello SQL Injection vulnerability
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
GHSA-JX5V-788G-QW58 katello SQL Injection vulnerability
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
CVE-2022-22413
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022...
CVE-2022-28059
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\databasecontroller.php...
PT-2022-3654 · Mcafee · Epolicy Orchestrator (Epo) Extension Of Ma
Name of the Vulnerable Software and Affected Versions: ePolicy Orchestrator (ePO) extension of MA, versions prior to 5.7.6. Description: A blind SQL injection issue exists in the ePolicy Orchestrator (ePO) extension of MA, related to the failure to neutralize special elements used in SQL queries. This...
PT-2022-15510 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP Workplace Server, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787. Description: The issue allows an attacker to execute crafted database queries, potentially exposing the backend database. Successf...
CVE-2021-41609
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...
CVE-2021-44161
A specific function parameter of the Changing MOTP (Mobile One Time Password) system has insufficient validation for user input. An attacker on the local area network can perform a SQL injection attack to read, modify or delete the backend database without authentication...