
1308 matches found

Vulnrichment
added 2022/10/25 12:0 a.m. · 10 views

CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

8.9 AI score · 0.00679 EPSS
Exploits 2 · References 1
CNNVD
added 2022/10/20 12:0 a.m. · 1 views

Best Student Result Management System SQL injection vulnerability

Best Student Result Management System is a student result management system by Mayuri K. Individual developer. A security vulnerability exists in version 1.0 of Best Student Result Management System, which stems from an SQL injection issue in the /upresult/upresult/notice-details.php?nid= locatio...

9.8 CVSS · 8.5 AI score · 0.00264 EPSS
Exploits 1 · References 2
Github Security Blog
added 2022/10/19 12:0 p.m. · 22 views

Apache Isis webconsole module may directly query the database in prototype mode

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3 CVSS · 5.5 AI score · 0.00431 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2022/10/19 8:15 a.m. · 13 views

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3 CVSS · 0.00431 EPSS
Exploits 0 · References 2
CVE
added 2022/10/19 12:0 a.m. · 73 views

CVE-2022-42467

Summary of affected component: Apache Isis h2 webconsole module in prototype mode. Vulnerability mechanism: The webconsole is automatically available in prototype mode, enabling direct database queries; safeguards require explicit enablement via configuration. Root cause/mitigation details: Since...

5.3 CVSS · 5.1 AI score · 0.00431 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/10/19 12:0 a.m. · 9 views

CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.5 AI score · 0.00431 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/10/19 12:0 a.m. · 9 views

CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3 AI score · 0.00431 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/10/13 12:0 a.m. · 2 views

PT-2022-24886 · Ree6 · Ree6

Name of the Vulnerable Software and Affected Versions: Ree6 versions prior to 1.7.0 Description: This issue allows manipulation of SQL queries. The estimated number of potentially affected devices is not provided. There are no reported real-world incidents where this issue was exploited. The issu...

9.8 CVSS · 9.6 AI score · 0.00334 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40833

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 7.5 AI score · 0.00281 EPSS
Exploits 1 · References 3
OSV
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_having function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 2
ATTACKERKB
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40834

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 7.5 AI score · 0.00264 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2022/10/07 11:15 a.m. · 2 views

CVE-2022-40831

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 7.5 AI score · 0.00281 EPSS
Exploits 1 · References 3
OSV
added 2022/10/07 11:15 a.m. · 0 views

CVE-2022-40831

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 5.9 AI score · 0.00281 EPSS
Exploits 1 · References 2
OSV
added 2022/10/07 11:15 a.m. · 0 views

CVE-2022-40832

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php having function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 2
ATTACKERKB
added 2022/10/07 11:15 a.m. · 1 views

CVE-2022-40835

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 7.5 AI score · 0.00264 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/10/07 12:0 a.m. · 2 views

PT-2022-25559 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions =3.1.13 Description: The issue concerns SQL Injection via the where function in the system/database/DB_query_builder.php file. Note that the validity of this issue has been disputed by multiple third parties...

9.8 CVSS · 8.3 AI score · 0.00281 EPSS
Exploits 1 · References 5
CNNVD
added 2022/10/07 12:0 a.m. · 1 views

CodeIgniter SQL injection vulnerability

CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the or_where_in method in the system\database\DB_query_builder.php location...

9.8 CVSS · 8.5 AI score · 0.00281 EPSS
Exploits 1 · References 3
CNNVD
added 2022/10/07 12:0 a.m. · 2 views

CodeIgniter SQL injection vulnerability

CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the or_where_not_in method in the system\database\DB_query_builder.php location...

9.8 CVSS · 8.5 AI score · 0.00281 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/10/07 12:0 a.m. · 1 views

PT-2022-26431 · Centreon · Centreon

Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to escalate privileges on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the handling of...

8.8 CVSS · 7.4 AI score · 0.59384 EPSS
Exploits 0 · References 5
CNNVD
added 2022/10/07 12:0 a.m. · 1 views

CodeIgniter SQL injection vulnerability

CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the or_having method in the system\database\DB_query_builder.php location...

9.8 CVSS · 8.5 AI score · 0.00281 EPSS
Exploits 1 · References 3