CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

CVE-2019-25222

The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

LogicalDOC SQL注入漏洞

LogicalDOC is the United States LogicalDOC company a set of document management system developed using Java technology. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC that originates from a blind SQL injection,...

Apartment Visitors Management System contactno Parameter SQL Injection Vulnerability

Apartment Visitors Management System is an apartment visitor management system. The Apartment Visitors Management System suffers from a SQL injection vulnerability that stems from a lack of validation of the contactno parameter against externally entered SQL statements. An attacker can use this...

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the product-details.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

The vulnerability of the Query Handler component of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server allows a perpetrator to cause service failures.

The vulnerability of the Query Handler component of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to uncontrolled memory allocation. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using ...

The vulnerability of the Query Handler component of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server allows a perpetrator to cause service failures.

The vulnerability of the Query Handler component of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to uncontrolled memory allocation. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using ...

WordPress Hero Slider plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Hero Slider versions = 1.3.5...

zz 注入漏洞

zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...

CVE-2025-26971

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5...

WordPress plugin vents Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin Pollin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

CVE-2024-13595

The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

ChurchCRM 安全漏洞

ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM version 5.13.0 and prior versions that stems from the newCountName parameter being directly connected to a SQL query without proper cleanup. An attacker exploiting this...

Library Card System 注入漏洞

Library Card System is a library management system. A SQL injection vulnerability exists in Library Card System version 1.0, which originates from a lack of validation of the id parameter of the card.php file against externally entered SQL statements. An attacker can use this vulnerability to...

WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability

Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. An SQL injection vulnerability exists in WeGIA 3.2.11 and prior versions that originates from allowing an authorized attacker to execute arbitrary SQL queries that could allow access to or delete sensitiv...

CVE-2024-53357

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote authenticated attackers, with low privileges, to 1 add an admin user via the /api/user/addalias route; 2 modifiy a user via the /api/user/updatealiasroute; 4 delete users via the /api/user/delali...

Centreon SQL注入漏洞

Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in versions of Centreon Web prior to 24.10.3, which originates from an...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.2.9. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the database to access sensitive information...