701 matches found
PT-2025-22046 · Unknown · Absolute Links
Name of the Vulnerable Software and Affected Versions: Absolute Links versions n/a through 1.1.1 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can ...
The vulnerability of the Authenticate method in software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Authenticate method in software for managing and monitoring remote objects in telemetry and telemechanics systems related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...
PT-2025-17193 · Quentn Wp · Quentn Wp
Name of the Vulnerable Software and Affected Versions: Quentn WP versions 1.2.8 and earlier Description: The issue is related to an SQL Injection flaw, which is caused by the improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations...
Azure Linux 3.0 Security Update: vitess (CVE-2024-53257)
The version of vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53257 advisory. - Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env...
SAP NetWeaver Buffer Error Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. SAP NetWeaver suffers from a buffer overflow vulnerability that stems from improper handling of memory addresses, which could allow an attacker to execute certain forms of SQL queries. An attack...
Joomla! SQL Injection Vulnerability
Joomla! is a free, open source content management system from Joomla! open source. A SQL injection vulnerability exists in Joomla! that stems from improper handling of identifiers, resulting in a SQL injection vulnerability...
PT-2025-37375
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30 Description: Chamilo is a learning management system. A flaw exists due to a failure to neutralize special elements used in an OS command. Successful exploitation could allow a remote attacker to execute...
PT-2025-13715 · WordPress · Aphotrax Uptime Robot Plugin
Name of the Vulnerable Software and Affected Versions: Aphotrax Uptime Robot Plugin for WordPress versions n/a through 2.3 Description: The issue is related to an SQL Injection vulnerability, allowing attackers to manipulate database queries. This is due to the improper neutralization of special...
The vulnerability of the sqlgplace_dpipes component in the Virtuoso-OpenSource web application development platform allows a hacker to trigger a service failure.
The vulnerability of the sqlgplacedpipes component in the Virtuoso-opensource web application development platform involves the distribution of resources without any restrictions or regulations. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially...
The vulnerability of the VMmanager 6 virtualization tool, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of VMmanager 6’s virtualization mechanism is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
CVE-2025-0723 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Vanna Cross-Site Request Forgery Vulnerability
Vanna is a personalized AI SQL agent from Vanna. Vanna suffers from a cross-site request forgery vulnerability. An attacker exploiting this vulnerability could run arbitrary SQL commands...
WordPress plugin WordPress Awesome Import & Export Plugin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
SQL Injection
moodle/moodle is vulnerable to SQL injection. The vulnerability is due to insufficient input sanitization in the module list filter, allowing attackers to manipulate database queries...
The vulnerability of the WP Sessions Time Monitoring full-automatic content management system plugin allows attackers to execute arbitrary SQL queries.
The vulnerability of the WP Sessions Time Monitoring full-automatic content management system for WordPress exists due to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2020-6249
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...
CVE-2020-6241
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection...
CVE-2020-6253
Under certain conditions, SAP Adaptive Server Enterprise Web Services, versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL...
Bentley Systems ProjectWise Integration Server Security Vulnerability
Bentley Systems ProjectWise Integration Server is an application from Bentley Systems, USA. A security vulnerability exists in Bentley Systems ProjectWise Integration Server versions prior to 10.00.03.288. An attacker could exploit the vulnerability to execute unexpected SQL queries via API calls...
DEBIAN-CVE-2024-57663
An issue in the sqlgplacedpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...