701 matches found
The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool allows a malicious individual to gain unauthorized access to the application and execute arbitrary SQL code.
The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool exists due to incorrect implementation of multi-factor authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the application and execute arbitrary SQ...
The vulnerability of the web console of the automation process management tool for IT services, Ivanti Cloud Services Appliance, allows a hacker to execute arbitrary SQL queries.
The vulnerability of the web console of the Ivanti Cloud Services Appliance, which is used for automating IT service management processes, relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL querie...
The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform allows attackers to execute SQL code.
The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform relates to the lack of security measures for handling SQL queries. Exploiting this vulnerability allows an attacker to carry out an attack by injecting SQL code by sending a specially crafted...
PT-2024-9375 · Ivanti · Ivanti Cloud Services Appliance
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.3. Description: The issue is related to a lack of protection against SQL query structure exploitation in the admin web console of Ivanti Cloud Services Appliance. This allows a remote...
PT-2024-36100 · Roninwp · Roninwp Fat Services Booking
Name of the Vulnerable Software and Affected Versions: Roninwp FAT Services Booking versions n/a through 5.6. Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This problem impacts Roninwp FAT...
The vulnerability in the virtual learning environment Moodle, related to the lack of measures to protect the SQL query structure, allows attackers to execute arbitrary SQL queries in the database.
The vulnerability in the virtual training environment Moodle is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries in the database remotely...
WordPress plugin MStore API security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of protective measures for the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
PT-2024-7743 · Cisco · Cisco Nexus Dashboard Fabric Controller
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller (NDFC), affected versions not specified. Description: A vulnerability in the REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated...
The vulnerability of the Dell OpenManage Enterprise console, related to the lack of protective measures for the SQL query structure, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Dell OpenManage Enterprise system management console is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the dv_compare component in the Virtuoso-opensource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the dv_compare component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially created SQL...
The vulnerability of the bif_mod component in the Virtuoso-opensource web application development platform allows an attacker to trigger a service failure.
The vulnerability of the bif_mod component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially created SQL...
NetEase QAnything SQL injection vulnerability
NetEase QAnything is a local knowledgebase question and answer system from China's NetEase that is designed to support files or databases in any format, and can be installed and used offline. A SQL injection vulnerability exists in NetEase QAnything version 1.4.1, which originates from the abilit...
Avaya Aura System Manager security vulnerability
Avaya Aura System Manager is an administrative tool from Avaya Corporation USA. A security vulnerability exists in Avaya Aura System Manager that originates from a command line interface (CLI) user with administrative privileges being able to execute arbitrary queries against the Avaya Aura System...
The vulnerability of the GLPI reports’ reporting system, related to improper handling of input data during the generation of web pages used in SQL commands, allows attackers to carry out XSS attacks.
The vulnerability of the GLPI reports plugin relates to the improper neutralization of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially crafted website...
The vulnerability of the version/query_to_xml/inet_server_addr/inet_client_addr function in Apache Superset visualization software allows a hacker to bypass existing security restrictions.
The vulnerability of the version/query_to_xml/inet_server_addr/inet_client_addr functions in Apache Superset visualization software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to circumvent existing security...
SQL Injection
egroupware/egroupware is vulnerable to SQL Injection. The vulnerability is due to improper handling of the ORDER BY clause in database queries, potentially leading to SQL injection. An attacker can exploit this vulnerability to manipulate database queries, leading to unauthorized data access or...
The vulnerability of the XStore plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the XStore plugin of the WordPress content management system is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...
WordPress plugin Email Subscribers by Icegram Express Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPress plugin...
WordPress plugin WP Hotel Booking security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...