303 matches found

Veracode
added 2024/07/15 7:24 a.m. · 15 views

SQL Injection

github.com/openclarity/kubeclarity is vulnerable to SQL Injection. The vulnerability is due to manipulating the packageID parameter in the /api/applicationResources endpoint, where the fmt.Sprintf function is used to build the SQL query string without validating the input. It allows an attacker t...

CVSS 6.5 · AI score 7.4 · EPSS 0.00443
Exploits 0 · References 4 · Affected Software 1
Hacker One
added 2024/07/11 4:44 p.m. · 35 views

U.S. Dept Of Defense: Blind Sql Injection in https://████

A SQL injection vulnerability was discovered in the User-Agent parameter of the website "https://██████████/". The vulnerability allowed an attacker to inject SQL commands through the User-Agent HTTP header...

AI score 8.2
Exploits 0
OSV
added 2024/06/26 3:15 a.m. · 3 views

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthoriz...

CVSS 4.4 · AI score 6 · EPSS 0.00199
Exploits 0 · References 1
Positive Technologies
added 2024/06/26 12:00 a.m. · 6 views

PT-2024-22780 · Dell · Dell Data Domain

Name of the Vulnerable Software and Affected Versions: Dell Data Domain versions prior to 7.13.0.0 Dell Data Domain LTS 7.7.5.30 Dell Data Domain LTS 7.10.1.20 Description: The issue allows a local low privileged attacker to potentially exploit an SQL Injection vulnerability, leading to the...

CVSS 4.4 · AI score 8.5 · EPSS 0.00199
Exploits 0 · References 4
OSV
added 2024/06/22 6:30 a.m. · 22 views

GHSA-7CRJ-24G3-G7H7 SQL injection in opencart

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed it does not have ...

CVSS 7.4 · AI score 8.4 · EPSS 0.1908
Exploits 2 · References 5
CVE
added 2024/06/22 5:00 a.m. · 71 views

CVE-2024-21514

CVE-2024-21514 affects opencart/opencart 0.0.0 and specifically the Divido payment extension bundled in OpenCart 3.0.3.9. The issue is an SQL injection vulnerability in the Divido module that an anonymous, unauthenticated user can exploit (even if Divido is not enabled) to gain unauthorized acces...

CVSS 8.1 · AI score 8.1 · EPSS 0.1908
Exploits 2 · References 3 · Affected Software 1
CNNVD
added 2024/06/22 12:00 a.m. · 4 views

OpenCart security vulnerability

OpenCart is an open source online store management system for creating and managing e-commerce websites. It is known for its user-friendliness and flexibility for online stores of different sizes. OpenCart suffers from an SQL injection vulnerability that stems from the presence of an SQL injectio...

CVSS 8.1 · AI score 8.2 · EPSS 0.1908
Exploits 2 · References 4
Positive Technologies
added 2024/06/21 12:00 a.m. · 7 views

PT-2024-18927 · Unknown +1 · Divido Payment Extension +1

Name of the Vulnerable Software and Affected Versions: opencart/opencart versions 0.0.0 through 3.0.3.9 Description: An SQL Injection issue was identified in the Divido payment extension for OpenCart. As an anonymous unauthenticated user, if the Divido payment module is installed, it is possible ...

CVSS 8.1 · AI score 8.6 · EPSS 0.1908
Exploits 2 · References 15
NVD
added 2024/06/20 9:15 p.m. · 8 views

CVE-2024-29390

Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done...

CVSS 7.3 · EPSS 0.0037
Exploits 2 · References 1
Cvelist
added 2024/06/20 12:00 a.m. · 14 views

CVE-2024-29390

Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done...

EPSS 0.0037
Exploits 2 · References 1
Vulnrichment
added 2024/06/20 12:00 a.m. · 13 views

CVE-2024-29390

Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done...

AI score 8.5 · EPSS 0.0037
Exploits 2 · References 1
NVD
added 2024/06/13 4:15 p.m. · 16 views

CVE-2024-29169

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

CVSS 8.1 · EPSS 0.00435
Exploits 0 · References 1
NVD
added 2024/06/13 3:15 p.m. · 17 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3 · EPSS 0.00424
Exploits 0 · References 1
OSV
added 2024/06/13 3:15 p.m. · 3 views

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 1
Cvelist
added 2024/06/13 3:05 p.m. · 26 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3 · EPSS 0.00424
Exploits 0 · References 1
CVE
added 2024/06/13 3:01 p.m. · 74 views

CVE-2024-28968

Summary (CVE-2024-28968) Dell SCG (Dell Secure Connect Gateway) versions prior to 5.24.00.00 suffer an Improper Access Control vulnerability in the internal email and collection settings REST APIs (enabled by Admin from UI). A remote, low-privileged attacker could potentially cause execution of A...

CVSS 5.4 · AI score 7 · EPSS 0.00349
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/06/13 2:57 p.m. · 12 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

CVSS 5.4 · EPSS 0.00349
Exploits 0 · References 1
Vulnrichment
added 2024/06/13 2:57 p.m. · 12 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

CVSS 5.4 · AI score 7 · EPSS 0.00349
Exploits 0 · References 1
CVE
added 2024/06/13 2:57 p.m. · 76 views

CVE-2024-28967

Dell SCG (Secure Connect Gateway) is vulnerable to improper access control in versions prior to 5.24.00.00 due to an exposed internal maintenance REST API that, if enabled by an Admin user from the UI, could allow a remote, low-privileged attacker to execute admin-only backend APIs associated with t...

CVSS 5.4 · AI score 7 · EPSS 0.00349
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/06/13 2:51 p.m. · 75 views

CVE-2024-28966

CVE-2024-28966 affects Dell SCG with versions prior to 5.24.00.00, due to an Improper Access Control vulnerability in an internal update REST API that an Admin UI-enabled function exposes. A remote, low-privileged attacker could access APIs intended for Admin Users on the backend database and pote...

CVSS 5.4 · AI score 5.6 · EPSS 0.00349
Exploits 0 · References 1 · Affected Software 1