
158 matches found

Prion
added 2023/11/10 6:15 p.m. · 16 views

Sql injection

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

CVSS 6.4 · AI score 8.1 · EPSS 0.00776
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/11/02 2:15 p.m. · 1 views

CVE-2023-26453

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 2
Cvelist
added 2023/11/02 1:1 p.m. · 12 views

CVE-2023-26454

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

CVSS 7.6 · AI score 9 · EPSS 0.00371
Exploits 0 · References 2
Positive Technologies
added 2023/11/02 12:0 a.m. · 2 views

PT-2023-20645 · Unknown · Imageconverter Service

Name of the Vulnerable Software and Affected Versions: imageconverter service (affected versions not specified)
Description: The issue allows requests to cache an image and return its metadata to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least...

CVSS 8.8 · AI score 8.7 · EPSS 0.00371
Exploits 0 · References 9
Vulnrichment
added 2023/10/19 12:0 a.m. · 10 views

CVE-2023-43875

Multiple Cross-Site Scripting (XSS) vulnerabilities in the installation of Subrion CMS v.4.2.1 allow a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...

AI score 6.1 · EPSS 0.00764
Exploits 1 · References 2
OSV
added 2023/09/25 4:15 p.m. · 4 views

CVE-2023-43339

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components...

CVSS 6.1 · AI score 6.2 · EPSS 0.00645
Exploits 1 · References 3
NVD
added 2023/09/25 4:15 p.m. · 14 views

CVE-2023-43339

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components...

CVSS 6.1 · AI score 5.8 · EPSS 0.00645
Exploits 1 · References 3
ATTACKERKB
added 2023/09/25 4:15 p.m. · 3 views

CVE-2023-43339

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components...

CVSS 6.1 · AI score 6.2 · EPSS 0.00645
Exploits 1 · References 4
CNNVD
added 2023/09/25 12:0 a.m. · 3 views

CMS Made Simple Cross-Site Scripting Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) by the Cmsms team. The system supports a role-based privilege management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...

CVSS 6.1 · AI score 7.8 · EPSS 0.00645
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 4:56 a.m. · 2 views

SUSE CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

CVSS 9.8 · AI score 6.9 · EPSS 0.05144
Exploits 0 · References 5
Prion
added 2023/02/03 6:15 p.m. · 12 views

Information disclosure

An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via the DB user field during installation...

CVSS 7.5 · AI score 9.5 · EPSS 0.01177
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2023/02/03 12:0 a.m. · 6 views

phpwcms code injection vulnerability

phpwcms is an open source web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. A security vulnerability exists in phpwcms version 1.9.25 that allows remote attackers to run arbitrary code...

CVSS 9.8 · AI score 8.7 · EPSS 0.01177
Exploits 1 · References 2
Prion
added 2023/01/30 7:15 a.m. · 17 views

Information disclosure

Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), all versions of the 3.7 series, all versions of the 3.6 series, all versions of the 3.5 series, all versions of 3....

CVSS 4 · AI score 6.2 · EPSS 0.00704
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/01/23 12:0 a.m. · 4 views

Pgpool-II security vulnerability

Pgpool-II is an open source cluster management tool from the PgPool Global Development Group. Pgpool-II has a security vulnerability whereby the authentication information of a specific database user may be obtained by other database users; the information stored in the database may be...

CVSS 6.5 · AI score 6.6 · EPSS 0.00704
Exploits 0 · References 5
Github Security Blog
added 2023/01/05 9:30 a.m. · 26 views

PgHero Allows Information Disclosure Through EXPLAIN Feature

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...

CVSS 7.5 · AI score 7 · EPSS 0.00831
Exploits 1 · References 4 · Affected Software 1
OSV
added 2023/01/05 8:15 a.m. · 9 views

CVE-2023-22626

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 1
Vulnrichment
added 2023/01/05 12:0 a.m. · 5 views

CVE-2023-22626

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...

AI score 7.3 · EPSS 0.00831
Exploits 1 · References 1
CNNVD
added 2022/08/03 12:0 a.m. · 2 views

PostgreSQL JDBC Driver SQL injection vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. The PostgreSQL JDBC Driver is an open source JDBC driver written in Pure...

CVSS 8 · AI score 7.1 · EPSS 0.01662
Exploits 1 · References 16
Hacker One
added 2022/07/05 2:4 p.m. · 16 views

U.S. Dept Of Defense: Critical sensitive information Disclosure. [HtUS]

Sensitive information, including the database user, password, and name, was disclosed due to a critical vulnerability on a website. This could have allowed an attacker to access the system...

AI score 7
Exploits 0
Ubuntu
added 2022/05/31 5:43 p.m. · 79 views

USN-5451-1: InfluxDB vulnerability

Ilya Averyanov discovered that an InfluxDB vulnerability allowed attackers to bypass authentication and gain access to any known database user...

CVSS 9.8 · AI score 8 · EPSS 0.30921
Exploits 3