SQL Injection

openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the stricmp component, allowing attackers to cause a DoS via crafted SQL statements...

CVE-2023-38724

Summary: CVE-2023-38724 affects IBM Cognos Controller versions 10.4.1, 10.4.2, and 11.0.0. The issue is a SQL injection vulnerability that could allow a remote attacker to view, add, modify, or delete data in the back-end database when exploiting crafted SQL statements. The connected/official rem...

CVE-2024-4309

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /user/transaction.php?id=1, /user/credit-debittransaction.php?id=1,/user/viewtransaction. php?id=1 and...

CVE-2024-2590

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/selectsend.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

CVE-2024-2585

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend2.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

CVE-2024-2591 SQL injection vulnerability in AMSS++

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetailgroup.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

CVE-2024-2586 SQL injection vulnerability in AMSS++

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

CVE-2024-2585 SQL injection vulnerability in AMSS++

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend2.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

CVE-2024-2584 SQL injection vulnerability in AMSS++

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/selectsend.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

CVE-2024-1301

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...

BIT-MYSQL-CLIENT-2022-27378

An issue in the component Createtmptable::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

CVE-2024-27315 Apache Superset: Improper error handling on alerts

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

Apache Superset 信息泄露漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a security vulnerability that originates from the ability of an authenticated user to generate specially crafted SQL statements to trigger database errors and expose...

CVE-2022-43842 IBM Aspera Console SQL injection

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079...

Hospital Management System SQL Injection Vulnerability

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. Hospital Management System V4.0 and prior versions suffer from a SQL injection vulnerability that stems from the application's lack ...

Security Bulletin: IBM DB2 used by IBM Security Verify Governance has multiple vulnerabilities

Summary IBM Security Verify Governance supports IBM DB2 database. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5,...

Apache Superset SQL Injection Vulnerability (CNVD-2024-0102192)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to send specially crafted SQL statements to the wherein JINJA macro...

CVE-2023-48945

Openlink virtuoso-opensource is vulnerable to stack overflow vulnerability which allows a remote attackers to cause Denial of Service using crafted SQL statements...

PT-2023-7699 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue exists due to insufficient input validation in the system, allowing a remote attacker to cause a denial of service with a...

CVE-2023-6411

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all...