303 matches found

RedhatCVE
added 2025/09/01 1:17 p.m. · 2 views

CVE-2025-0165

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

7.6 CVSS · 7.3 AI score · 0.0037 EPSS
Exploits: 0 · References: 1

CVE
added 2025/08/27 12:0 a.m. · 15 views

CVE-2025-50983

Readarr 0.4.15.2787 exposes a SQL Injection in the sortKey parameter of GET /api/v1/wanted/cutoff. The endpoint fails to sanitize user input, enabling arbitrary SQL execution against the backend SQLite DB. Exploitation was confirmed with sqlmap via stacked queries; a heavy query using SQLite RAND...

8.3 CVSS · 8.1 AI score · 0.00322 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Packet Storm
added 2025/06/26 12:0 a.m. · 93 views

📄 PiHome MaxAir Smart Thermostat SQL Injection

A security vulnerability has been identified in the PiHome MaxAir Smart Thermostat system that permits an authenticated attacker to execute arbitrary SQL statements against the backend database. Description: A security vulnerability has been identified in the PiHome MaxAir Smart Thermostat system...

8.2 AI score
Exploits: 0

CNNVD
added 2025/06/19 12:0 a.m. · 4 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...

9.8 CVSS · 7.7 AI score · 0.00408 EPSS
Exploits: 1 · References: 2

CNNVD
added 2025/06/10 12:0 a.m. · 1 views

Dmacroweb DM Corporative CMS SQL injection vulnerability

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter codform in the file...

9.8 CVSS · 7.6 AI score · 0.00312 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/06/10 12:0 a.m. · 1 views

Dmacroweb DM Corporative CMS SQL injection vulnerability

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter name in the file /antcatalogue.as...

9.8 CVSS · 7.6 AI score · 0.00312 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/06/10 12:0 a.m. · 3 views

DM Corporative CMS SQL injection vulnerability

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters name and cod in file /antbuspre.as...

9.8 CVSS · 7.7 AI score · 0.00312 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 9:28 a.m. · 3 views

CVE-2024-29390

Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done...

7.3 CVSS · 8.6 AI score · 0.0037 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 8:12 a.m. · 5 views

CVE-2019-13447

An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection...

10 CVSS · 7.5 AI score · 0.01654 EPSS
Exploits: 0 · References: 1

Hacker One
added 2025/05/05 4:50 p.m. · 5 views

U.S. Dept Of Defense: SQL Injection via URL

A SQL injection vulnerability was discovered in the website's URL. The vulnerability allowed manipulation of SQL queries executed by the backend database. The vulnerability was demonstrated by changing the sleep value, which resulted in longer or shorter delays in the page loading...

8 AI score
Exploits: 0

Hacker One
added 2025/05/05 3:42 p.m. · 6 views

U.S. Dept Of Defense: SQL Injection - entryid parameter in 'formbuilderv2-confirmation.php'

A SQL injection vulnerability was discovered in the 'entryid' parameter of the 'formbuilderv2-confirmation.php' script on the website. The vulnerability allowed for the manipulation of SQL queries executed by the backend database...

8 AI score
Exploits: 0

CNNVD
added 2025/05/01 12:0 a.m. · 2 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in versions prior to DataEase 2.10.9, which...

9.8 CVSS · 7.6 AI score · 0.00594 EPSS
Exploits: 1 · References: 1

NVD
added 2025/03/28 9:15 p.m. · 10 views

CVE-2025-22953

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting...

9.8 CVSS · 0.01304 EPSS
Exploits: 1 · References: 3

Vulnrichment
added 2025/03/28 12:0 a.m. · 8 views

CVE-2025-22953

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting...

9.9 AI score · 0.01304 EPSS
Exploits: 1 · References: 3

RedhatCVE
added 2025/03/06 2:33 a.m. · 7 views

CVE-2024-50706

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database...

9.8 CVSS · 9.9 AI score · 0.00481 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/03/04 12:0 a.m. · 7 views

CVE-2024-50706

Unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ allows remote attackers to execute arbitrary SQL queries on the backend database...

10 AI score · 0.00481 EPSS
Exploits: 0 · References: 2

NVD
added 2025/01/23 4:15 p.m. · 7 views

CVE-2024-55971

SQL Injection vulnerability in the default configuration of the Logitime WebClock application = 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server...

10 CVSS · 0.00606 EPSS
Exploits: 0 · References: 4

Cvelist
added 2025/01/23 12:0 a.m. · 10 views

CVE-2024-55971

SQL Injection vulnerability in the default configuration of the Logitime WebClock application = 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server...

0.00606 EPSS
Exploits: 0 · References: 4

CNNVD
added 2025/01/04 12:0 a.m. · 4 views

IBM Engineering Lifecycle Optimization Publishing SQL injection vulnerability

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is IBM's software for engineering lifecycle management optimization. A SQL injection vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing. A remote attacker could exploit this vulnerability by sending...

7.3 CVSS · 7.6 AI score · 0.00303 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/26 12:0 a.m. · 1 views

PT-2024-28984 · IBM · IBM InfoSphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7. Description: The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. This is a...

9.8 CVSS · 7.8 AI score · 0.00538 EPSS
Exploits: 0 · References: 7