182 matches found
CVE-2022-25880
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerTagKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
Sourcecodester Online Project Time Management System SQL Injection Vulnerability
Sourcecodester Online Project Time Management System is a web-based online project time management system that provides an online platform for a company's employees to report/record their assigned time or the time each project is resubmitted. Sourcecodester Online Project Time Management System i...
Simple Membership System SQL Injection Vulnerability
Simple Membership System is a simple membership system for Razormist individual developers. A security vulnerability exists in Simple Membership System that originates from allowing arbitrary SQL commands to be executed via the username and password parameters...
Apache Log4j Code Issue Vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...
Dalmark Systems Systeam SQL Injection Vulnerability
Dalmark Systems Systeam is an ERP system from Dalmark Systems in Brazil. Dalmark Systems Systeam has a security vulnerability that stems from the fact that the Systeam application is an ERP system that uses a hybrid architecture based on SaaS tenant and user management, as well as an on-premise...
Siemens SINEC NMS SQL Injection Vulnerability
SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks. A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements. An attacker could use this...
DOYO SQL Injection Vulnerability
DOYO doyocms is a PHP-based open source content management system (CMS). A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...
The vulnerability of the Zabbix universal monitoring system, related to improper cleaning of user data in the “hostinventoriesoverview.php” script, allows a hacker to execute arbitrary SQL commands.
The vulnerability of the Zabbix universal monitoring system is related to improper cleaning of user data in the script “hostinventoriesoverview.php”. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending specially crafted queries remotely...
CVE-2021-32590
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...
Command execution vulnerability in tpAdmin
tpadmin is an administration backend based on ThinkPHP 5.0 official version and Hui.admin v2.5. A command execution vulnerability exists in tpAdmin. An attacker can exploit the vulnerability to execute database commands...
PT-2021-14137 · Unknown · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro versions prior to 2.5.6 Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. This can be exploited by attackers to manipulate database queries, potentiall...
OpenEMR SQL Injection Vulnerability
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A SQL injection vulnerability exists in interface/reports/immunizationreport.php in OpenEMR versions prior to 5.0.2.5. A remote authenticated attacker can exploit this vulnerability to execute...
Teachers Record Management System SQL Injection Vulnerability
A SQL injection vulnerability exists in Teachers Record Management System that stems from a database-based application that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands...
The vulnerability of the WP_Query function (wp-includes/class-wp-query.php) in the WordPress content management system allows a hacker to execute arbitrary SQL commands.
The vulnerability of the WP_Query function (wp-includes/class-wp-query.php) in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
AudimexEE SQL Injection Vulnerability
AudimexEE is a system for audit management from Audimex AG, Germany. The system meets complex audit processes around the company's business, supports customization for use and is deployed platform-independently. A SQL injection vulnerability exists in the Documents component of AudimexEE versions...
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands...
Gambio GX SQL Injection Vulnerability
Gambio GX is a suite of e-commerce platforms from Gambio Germany. A SQL injection vulnerability exists in the admin/mobile.php file in Gambio GX versions prior to 4.0.1.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An...
Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability
The Mitsubishi Electric MC Works64 and MC Works32 are both data acquisition and monitoring systems (SCADA) from Mitsubishi Electric Japan. A code injection vulnerability exists in Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier versions, and MC Works32 version 3.00A (9.50.255.0...
Blind SQL Injection Vulnerability in Joomla! com_content
Joomla! is an open source, cross-platform content management system (CMS) developed using PHP and MySQL. A security vulnerability exists in Joomla! com_content. An attacker can exploit the vulnerability to execute illegal SQL commands...