CVE-2023-36968
A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...
CVE-2023-32115
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...
Design/Logic Flaw
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...
CVE-2023-32115
CVE-2023-32115 affects SAP MDS COMPARE TOOL, where an attacker can use specially crafted inputs to trigger a SQL injection in MDS COMPARE TOOL, allowing reading and modifying database commands and exposing additional persisted information. The issue is documented across multiple feeds (NVD, Red H...
CVE-2023-32115 SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system...
PT-2023-23623 · Unknown · Mds Compare Tool
Name of the Vulnerable Software and Affected Versions: MDS COMPARE TOOL affected versions not specified
Description: An attacker can exploit the system and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the...
PT-2023-9508 · Openlink +4 · Openlink Virtuoso-Opensource +4
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9
Description: The issue in the sinv check exp component of openlink virtuoso-opensource is related to the improper neutralization of special elements used in SQL commands. This can allow a remote...
PT-2023-3265 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.6
Description: The issue is related to insufficient cleaning of user data in the GLPI inventory endpoint, allowing an unauthenticated user to send a specially crafted request to the vulnerable application and...
CVE-2023-25432
An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer0/admins/assessments/course/course-update.php...
PT-2023-20058 · Unknown · Online Reviewer Management System
Name of the Vulnerable Software and Affected Versions: Online Reviewer Management System version 1.0
Description: An issue was discovered in the Online Reviewer Management System, where a SQL injection can directly issue instructions to the background database system via the "reviewer...
CVE-2021-36503
SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...
The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.
The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...
CVE-2022-36257
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc...
Exment SQL Injection Vulnerability
Exment is a simple, easy, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...
ChurchCRM SQL Injection Vulnerability
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM versions 2.0.0 through 4.4.5. An attacker exploits the vulnerability to issue arbitrary SQL commands to the database by using unprocessed ENtyid, ID, and EID fields...
Fortinet FortiNAC SQL Injection Vulnerability
Fortinet FortiNAC is a network access control solution from Fortinet, Inc. Fortinet FortiNAC versions 8.3.7 through 9.2.2 are vulnerable to SQL injection, a vulnerability that originates when user-provided data is not sufficiently cleaned and can be exploited to send ad-hoc requests to affected...