1310 matches found

CNNVD
added 2022/03/22 12:0 a.m. | 1 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...

CVSS 10 | AI score 6.2 | EPSS 0.0027
Exploits 0 | References 5

Microsoft CVE
added 2022/03/04 8:0 a.m. | 2 views

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28 plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

...

CVSS 8.8 | AI score 8.2 | EPSS 0.00431
Exploits 0

CNNVD
added 2022/02/14 12:0 a.m. | 2 views

WordPress and WordPress plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...

CVSS 4 | AI score 5.9 | EPSS 0.00177
Exploits 2 | References 2

Prion
added 2022/02/09 11:15 p.m. | 17 views

Design/Logic Flaw

SAP NetWeaver AS ABAP Workplace Server - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system,...

CVSS 5 | AI score 7.4 | EPSS 0.00365
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/02/09 10:5 p.m. | 100 views

CVE-2022-22540

CVE-2022-22540 affects SAP NetWeaver AS ABAP (Workplace Server) across multiple versions (700, 701, 702, 731, 740, 750–756, 787). The connected sources describe a SQL injection vulnerability that enables an attacker to execute crafted database queries and potentially disclose a table of contents ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00365
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2022/02/01 12:0 a.m. | 1 views

WordPress plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress Wicked Folders plugin in version 2.8.10 has a SQL injection vulnerability, which stems from the failure to filter and escape the oderid parameter, and can be used by attackers to execut...

CVSS 8.8 | AI score 6 | EPSS 0.00879
Exploits 2 | References 3

Veracode
added 2022/01/26 4:44 a.m. | 19 views

Remote Code Execution (RCE)

shenyu is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization of database query language input to the system, allowing an attacker to inject maliciously crafted script via the query...

CVSS 9.8 | AI score 4.7 | EPSS 0.10389
Exploits 0 | References 4 | Affected Software 1

OSV
added 2022/01/24 8:15 a.m. | 0 views

CVE-2021-24858

The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection...

CVSS 7.2 | AI score 5.8
Exploits 0 | References 1

ATTACKERKB
added 2022/01/14 4:36 a.m. | 3 views

CVE-2022-22055

The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service...

CVSS 10 | AI score 7.5 | EPSS 0.02502
Exploits 0 | References 2 | Affected Software 1

Prion
added 2021/12/22 7:15 p.m. | 15 views

SQL injection

An exploitable SQL injection vulnerability exists in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request at ‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or...

CVSS 6.5 | AI score 8.7 | EPSS 0.0162
Exploits 1 | References 1 | Affected Software 1

OSV
added 2021/12/22 6:15 p.m. | 0 views

CVE-2021-43157

Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cartremove.php...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 2

CNNVD
added 2021/12/22 12:0 a.m. | 2 views

Projectworlds Hospital Management System SQL injection vulnerability

Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. Version 1.0 of Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to compromise database system and in some cases use this vulnerability t...

CVSS 8.8 | AI score 6.3 | EPSS 0.01417
Exploits 1 | References 2

CNNVD
added 2021/12/13 12:0 a.m. | 1 views

Jackalope Doctrine-DBAL SQL injection vulnerability

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR that uses a relational database to persist data. Jackalope Doctrine-DBAL suffers from a SQL injection vulnerability that stems from the software's lack of effective filtering for the $property parameter. In the...

CVSS 8.5 | AI score 7.4 | EPSS 0.00241
Exploits 0 | References 4

CNNVD
added 2021/12/07 12:0 a.m. | 2 views

PayPal Free Source Code SQL injection vulnerability

PayPal Free Source Code is an online registration management system. A security vulnerability exists in PayPal Free Source Code 1.0 online registration management system, which allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter...

CVSS 7.2 | AI score 6.2 | EPSS 0.00564
Exploits 1 | References 3

CNNVD
added 2021/12/07 12:0 a.m. | 3 views

Esri Arcgis Server SQL injection vulnerability

Esri Arcgis Server is a Web-oriented, enterprise-class software platform that can be used to provide geolocation services from Esri, Inc. Esri ArcGIS Server suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based...

CVSS 9.8 | AI score 7.9 | EPSS 0.00427
Exploits 0 | References 3

CNNVD
added 2021/11/24 12:0 a.m. | 1 views

WordPress plugin SQL injection vulnerability

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL injection vulnerability that stems from the hmwp get user ip function attempting to retrieve an ip address from multiple headers, including ip address headers that the user can spoof, such...

CVSS 9.8 | AI score 8.5 | EPSS 0.00614
Exploits 1 | References 5

CNNVD
added 2021/11/22 12:0 a.m. | 5 views

Advantech R-SeeNet SQL injection vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

CVSS 7.7 | AI score 6.3 | EPSS 0.01732
Exploits 1 | References 5

CNNVD
added 2021/11/19 12:0 a.m. | 2 views

Roundcube Webmail SQL injection vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A SQL injection vulnerability exists in Roundcube Webmail, which can be exploited to perform SQL injection via "search" or "searchparams". The followin...

CVSS 9.8 | AI score 8.7 | EPSS 0.72527
Exploits 1 | References 11

OSV
added 2021/11/17 11:15 a.m. | 0 views

CVE-2021-24772

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...

CVSS 8.8 | AI score 5.8 | EPSS 0.00532
Exploits 2 | References 2

OSV
added 2021/11/11 6:26 p.m. | 3 views

USN-5145-1 postgresql-10, postgresql-12, postgresql-13 vulnerabilities

Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...

CVSS 8.1 | AI score 7.1 | EPSS 0.00281
Exploits 0 | References 3