The vulnerability of the sell_return.php script of the SourceCodester Inventory Management System allows a hacker to execute arbitrary SQL queries.
The vulnerability of the sell_return.php script in the SourceCodester Inventory Management System is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of TIBCO EBX asset management software lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary SQL queries.
The vulnerability of TIBCO EBX asset management software lies in the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
Ibermática RPS 2019 Log Information Disclosure Vulnerability
Ibermática RPS 2019 is an ERP software from Ibermática. Ibermática RPS 2019 suffers from a log information disclosure vulnerability that originates from allowing an unauthenticated user to retrieve sensitive information such as usernames, IP addresses, or SQL queries sent to the application...
The vulnerability of the configuration import function of the AcSELerator QuickSet SEL-5030 device management tool allows a perpetrator to execute arbitrary code.
The vulnerability of the configuration import function of the AcSELerator QuickSet SEL-5030 device management tool relates to the lack of measures taken to protect the SQL query structure during the processing of DMX format files. Exploiting this vulnerability allows a perpetrator to execute...
The vulnerability of the `grow_right_pane_tree()` function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.
The vulnerability of the `grow_right_pane_tree()` function in the Cacti network monitoring software's script graphview.php relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using a specially...
Zoo Management System SQL Injection Vulnerability
Zoo Management System is a web application that gives zoo organizations an online, automated platform for managing their daily records. Zoo Management System v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied input used in SQL statements on th...
CVE-2023-27523
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
ScienceLogic SL1 SQL Injection Vulnerability
ScienceLogic SL1 is an IT operations platform from ScienceLogic, Inc. that connects an organization's IT estate to automate multidirectional data flows and workflows. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally supplied input used in SQL...
Siemens RUGGEDCOM CROSSBOW
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
CVE-2023-26440
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...
Discourse Security Vulnerability
Discourse is an open source community discussion platform with community, email, and chat room features. A security vulnerability exists in Discourse because, in multiple controller actions, Discourse accepts limit parameters but does not impose any...
The vulnerability of the GLPI system’s handling of requests and incidents, related to improper neutralization of special elements used in SQL commands, allows attackers to execute arbitrary SQL queries in the database.
The vulnerability of the GLPI application's request and incident handling system lies in the insufficient sanitization of user data at the final inventory registration stage. Users can send specially crafted requests to the affected application and execute arbitrary SQL commands in the application's...
The vulnerability of the PnPSCADA automation system’s software lies in the lack of protective measures for SQL query structures. This allows attackers to gain unauthorized access to protected information and compromise the system.
The vulnerability of the PnPSCADA automation system’s software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information and compromise the system...
CVE-2022-4259
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...
PT-2023-16236 · WordPress · The Random Text Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Random Text WordPress plugin versions through 0.3.0 Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by...
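Several entries on this page (the Random Text plugin above, the Jms Blog module, Veragroup Mobile Assistant) describe the same root cause: a request parameter is spliced into SQL text instead of being bound as a parameter. The following is an added, self-contained illustration of that class of bug and its fix; it is not code from any of the listed products, and the table names, column names and sample rows are constructed for the example. It runs against an in-memory SQLite database so the two query styles can be compared with the same payloads.

```python
import sqlite3

# Constructed sample payloads of the kind an attacker would place in a request parameter.
TAUTOLOGY_PAYLOAD = "' OR '1'='1"
UNION_PAYLOAD = "0' UNION SELECT user_login || ':' || user_pass FROM wp_users WHERE 'a'='a"


def make_db():
    """Constructed schema: a plugin table plus a users table the plugin should never expose."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE random_text (id INTEGER PRIMARY KEY, text TEXT)")
    cur.executemany(
        "INSERT INTO random_text (id, text) VALUES (?, ?)",
        [(1, "first quote"), (2, "second quote"), (3, "third quote")],
    )
    cur.execute("CREATE TABLE wp_users (user_login TEXT, user_pass TEXT)")
    cur.executemany(
        "INSERT INTO wp_users VALUES (?, ?)",
        [("admin", "$P$Bconstructedhash1"), ("editor", "$P$Bconstructedhash2")],
    )
    conn.commit()
    return conn


def get_text_vulnerable(conn, item_id):
    """Unsafe pattern: the untrusted value becomes part of the SQL text.

    A quote in item_id terminates the string literal and the rest of the
    payload is parsed as SQL, so tautologies and UNION clauses are honoured.
    """
    sql = f"SELECT text FROM random_text WHERE id = '{item_id}'"
    return [row[0] for row in conn.execute(sql)]


def get_text_safe(conn, item_id):
    """Fixed pattern: the SQL structure is fixed; the value is bound separately.

    Whatever item_id contains is compared as a value against the id column
    and can never alter the statement's shape.
    """
    sql = "SELECT text FROM random_text WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (item_id,))]


if __name__ == "__main__":
    db = make_db()
    for label, payload in [("normal", "1"), ("tautology", TAUTOLOGY_PAYLOAD), ("union", UNION_PAYLOAD)]:
        print(f"{label:>9} | vulnerable -> {get_text_vulnerable(db, payload)}")
        print(f"{label:>9} | safe       -> {get_text_safe(db, payload)}")
```

With the tautology payload the concatenated query returns every row, and with the UNION payload it returns the contents of the unrelated users table; the parameterized query returns nothing for either, because the payload is only ever compared as an id value. In WordPress plugins the equivalent of the bound-parameter form is `$wpdb->prepare()` with `%d`/`%s` placeholders; escaping alone, as the advisory text notes, is what these plugins failed to do consistently.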
Archery SQL Injection Vulnerability
Archery is an open source vulnerability assessment and management tool. Archery contains multiple SQL injection vulnerabilities that could allow an attacker to query a connected database...
PT-2023-17192
Name of the Vulnerable Software and Affected Versions: Veragroup Mobile Assistant versions prior to 21.S.2343 Description: The issue is related to an SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL injection attacks...
CVE-2022-36979
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
PT-2023-6548 · PrestaShop · Jmsblog
Name of the Vulnerable Software and Affected Versions: PrestaShop jmsblog version 2.5.5 Description: The issue is related to a lack of protection for the SQL query structure in the Jms Blog module of the PrestaShop e-commerce web application. This can be exploited by a remote attacker to execute...