CVE-2023-4797
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...
The vulnerability in Ivanti Endpoint Manager, endpoint management software for corporate networks, stems from insufficient protection of the SQL query structure (SQL injection), allowing attackers to execute arbitrary SQL queries against the database.
The vulnerability in Ivanti Endpoint Manager, endpoint management software for corporate networks, stems from insufficient protection of the SQL query structure (SQL injection). Exploiting this vulnerability allows attackers to execute arbitrary SQL queries against the database...
PT-2023-30787 · Unknown · Wc Vendors – Woocommerce Multi-Vendor +2
Name of the Vulnerable Software and Affected Versions: WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors versions 2.4.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL...
The vulnerability in the Image Horizontal Reel Scroll Slideshow plugin stems from improper neutralization of special elements used in SQL commands, allowing attackers to execute arbitrary SQL queries.
The vulnerability in the Image Horizontal Reel Scroll Slideshow plugin stems from improper neutralization of special elements used in SQL commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary SQL queries...
The vulnerability in the My Calendar plugin for the WordPress content management system allows an attacker to execute arbitrary SQL queries against the database.
The vulnerability of the My Calendar plugin for the WordPress content management system is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries against the database...
PT-2023-9148 · Unknown · Sante Pacs Server
Name of the Vulnerable Software and Affected Versions: Sante PACS Server PG affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this issue. The specif...
PT-2023-31032 · Klive · Klive
Name of the Vulnerable Software and Affected Versions: 32ns KLive versions 2019-1-19 and earlier Description: The issue allows a remote attacker to obtain sensitive information via a crafted script to the "web/user.php" component. This is achieved through a SQL Injection attack, which enables the...
VulnCheck KEV: CVE-2019-17503
An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL...
Vulnerability in the edd_ajax_download_search() function (/includes/ajax-functions.php) of the Easy Digital Downloads plugin for the WordPress content management system, allowing an attacker to execute arbitrary SQL queries
The vulnerability in the edd_ajax_download_search() function (/includes/ajax-functions.php) of the Easy Digital Downloads plugin for the WordPress content management system is related to the lack of protection of the SQL query structure when processing the "s" parameter. Exploiting this vulnerability...
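The pattern behind this entry, and behind the other SQL-injection listings above (WC Vendors, Image Horizontal Reel Scroll Slideshow, My Calendar, KLive), is a search or lookup value spliced into query text instead of bound as a parameter. The following is an added illustration written for this page; it is not code from Easy Digital Downloads or from any vendor listed here. The table, its rows, the function names and the payload are constructed assumptions, and SQLite stands in for the MySQL backend a WordPress plugin would use.

```python
"""Added example: a search parameter concatenated into SQL versus bound as a
parameter. Not code from any plugin on this page; all names are assumptions."""
import sqlite3


def make_db():
    # Constructed sample data: a "downloads" table with public and hidden rows.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE downloads (id INTEGER, title TEXT, visible INTEGER)")
    con.executemany(
        "INSERT INTO downloads VALUES (?, ?, ?)",
        [(1, "Public ebook", 1), (2, "Public toolkit", 1), (3, "Unreleased draft", 0)],
    )
    return con


def search_vulnerable(con, s):
    # Vulnerable pattern: the user-controlled search term becomes part of the
    # query text, so a quote character in it changes the query structure.
    sql = (
        "SELECT id FROM downloads WHERE visible = 1 AND title LIKE '%" + s + "%'"
    )
    return sorted(row[0] for row in con.execute(sql))


def search_hardened(con, s):
    # Hardened pattern: the query structure is fixed before any user input is
    # seen and the term travels as a bound parameter. In WordPress the
    # equivalent is $wpdb->prepare() with a %s placeholder, plus
    # $wpdb->esc_like() so that % and _ in the term are not wildcards.
    sql = "SELECT id FROM downloads WHERE visible = 1 AND title LIKE ?"
    return sorted(row[0] for row in con.execute(sql, ("%" + s + "%",)))


def demo():
    con = make_db()
    benign = "Public"
    # Constructed payload: closes the string literal, disables the visibility
    # filter with OR 1=1, and comments out the trailing quote and wildcard.
    payload = "' OR 1=1 --"
    return {
        "benign_vulnerable": search_vulnerable(con, benign),
        "benign_hardened": search_hardened(con, benign),
        "payload_vulnerable": search_vulnerable(con, payload),
        "payload_hardened": search_hardened(con, payload),
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(name, ids)
```

With the benign term both functions return the two visible rows. With the payload the concatenated query also returns the hidden row, because the WHERE clause has become `visible = 1 AND title LIKE '%' OR 1=1`; the parameterized query simply searches for a title containing the literal payload text and returns nothing.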
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Impact A CSRF vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with...
GHSA-4F4C-RHJV-4WGV Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Impact A CSRF vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allows modifying and deleting all data of the wiki. This could be both used to damage the wiki and to create an account with...
CVE-2023-48293
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...
CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...
Admin Tools Application Cross-Site Request Forgery Vulnerability
Admin Tools Application is an open source advanced management tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions prior to 4.5.1, which stems from a vulnerability that allows arbitrary database queries to be performed on...
PT-2023-8619 · Xwiki · Xwiki Admin Tools Application
Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools Application versions prior to 4.5.1 Description: A cross-site request forgery issue in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. This could be used to dama...
mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2023-26452
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL...
CVE-2023-26454
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...
Exploit for SQL Injection in Moodle
CVE-2021-36393 Error-based blind SQL injection with bit-shi...