
1385 matches found

CNNVD
added 2022/11/24 12:0 a.m. · 5 views

Stock Management System SQL injection vulnerability

Sourcecodester Stock Management System is an inventory management system. A security vulnerability exists in Stock Management System, which is caused by an incorrect manipulation of the parameter user/password leading to SQL injection...

9.8 CVSS · 8.3 AI score · 0.00563 EPSS
Exploits: 1 · References: 3
CNNVD
added 2022/11/22 12:0 a.m. · 4 views

AeroCMS SQL injection vulnerability

AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the id parameter of its adminpostcomments.php component allowing an attacker to implement SQL injection resulting in access to database information. No detailed...

4.9 CVSS · 7.8 AI score · 0.00809 EPSS
Exploits: 1 · References: 3
BDU FSTEC
added 2022/11/22 12:0 a.m. · 3 views

The vulnerability of the my_strcasecmp_8bit component of the MariaDB database, related to memory usage after its deallocation, allows an attacker to cause a service failure.

The vulnerability of the my_strcasecmp_8bit component of the MariaDB database is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure through a specially crafted SQL query...

7.8 CVSS · 7.5 AI score · 0.01982 EPSS
Exploits: 1 · References: 11 · Affected Software: 6
CNNVD
added 2022/11/22 12:0 a.m. · 4 views

AeroCMS SQL injection vulnerability

AeroCMS is a content management system from AeroCMS Inc. in the United States. AeroCMS version v0.0.1 suffers from a security vulnerability that stems from the Category parameter of its category.php component that allows an attacker to implement SQL injection resulting in access to database...

7.5 CVSS · 7.5 AI score · 0.00772 EPSS
Exploits: 1 · References: 3
OSV
added 2022/11/07 10:15 a.m. · 1 views

CVE-2022-3481

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection...

9.8 CVSS · 5.8 AI score · 0.03686 EPSS
Exploits: 2 · References: 1
Huntr
added 2022/11/04 12:46 a.m. · 31 views

Authenticated SQL injection via filename & update-instance parameters

There is a SQL injection vulnerability inside saveMeta function in AttachmentAbstract.php. When a file is being uploaded via admin/index.php?action=ajax&ajax=att&ajaxaction=upload endpoint, the filename parameter isn't being sanitized and it's later on interpolated into a raw SQL query inside...

0.4 AI score
Exploits: 0
CNNVD
added 2022/10/28 12:0 a.m. · 2 views

SEMCMS SQL injection vulnerability

SEMCMS is a multilingual content management system (CMS) for foreign trade websites. A SQL injection vulnerability exists in SEMCMS SHOP version 1.1, which stems from a SQL injection issue in AntMenu.php...

9.8 CVSS · 8.5 AI score · 0.00798 EPSS
Exploits: 1 · References: 3
Prion
added 2022/10/25 5:15 p.m. · 29 views

SQL injection

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

6.5 CVSS · 8.9 AI score · 0.00945 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Vulnrichment
added 2022/10/25 12:0 a.m. · 10 views

CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

8.9 AI score · 0.00945 EPSS
Exploits: 2 · References: 1
CNNVD
added 2022/10/20 12:0 a.m. · 2 views

Best Student Result Management System SQL injection vulnerability

Best Student Result Management System is a student result management system by individual developer Mayuri K. A security vulnerability exists in version 1.0 of Best Student Result Management System, which stems from an SQL injection issue in the /upresult/upresult/notice-details.php?nid= locatio...

9.8 CVSS · 8.5 AI score · 0.00832 EPSS
Exploits: 1 · References: 2
Github Security Blog
added 2022/10/19 12:0 p.m. · 26 views

Apache Isis webconsole module may directly query the database in prototype mode

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3 CVSS · 5.5 AI score · 0.01198 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2022/10/19 8:15 a.m. · 30 views

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3 CVSS · 0.01198 EPSS
Exploits: 0 · References: 2
Cvelist
added 2022/10/19 12:0 a.m. · 25 views

CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.5 AI score · 0.01198 EPSS
Exploits: 0 · References: 2
CVE
added 2022/10/19 12:0 a.m. · 76 views

CVE-2022-42467

Summary of affected component: Apache Isis h2 webconsole module in prototype mode. Vulnerability mechanism: The webconsole is automatically available in prototype mode, enabling direct database queries; safeguards require explicit enablement via configuration. Root cause/mitigation details: Since...

5.3 CVSS · 5.1 AI score · 0.01198 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2022/10/19 12:0 a.m. · 11 views

CVE-2022-42467 h2 webconsole (available only in prototype mode) should nevertheless be disabled by default.

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

5.3 AI score · 0.01198 EPSS
Exploits: 0 · References: 2
BDU FSTEC
added 2022/10/13 12:0 a.m. · 5 views

The vulnerability of the admin_edit.php implementation in the online book store allows a hacker to execute arbitrary code.

The vulnerability of the admin_edit.php script used by the Online Book Store involves a lack of protection for the SQL query structure when processing the bookisbn parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

10 CVSS · 8.3 AI score · 0.01944 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2022/10/13 12:0 a.m. · 4 views

PT-2022-24886 · Ree6 · Ree6

Name of the Vulnerable Software and Affected Versions: Ree6 versions prior to 1.7.0 Description: This issue allows manipulation of SQL queries. The estimated number of potentially affected devices is not provided. There are no reported real-world incidents where this issue was exploited. The issu...

9.8 CVSS · 9.6 AI score · 0.00704 EPSS
Exploits: 0 · References: 5
ATTACKERKB
added 2022/10/07 11:15 a.m. · 2 views

CVE-2022-40834

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php ornotlike function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 7.5 AI score · 0.0089 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2022/10/07 11:15 a.m. · 3 views

CVE-2022-40831

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php like function. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 7.5 AI score · 0.0089 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2022/10/07 11:15 a.m. · 2 views

CVE-2022-40835

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php. Note: Multiple third parties have disputed this as not a valid vulnerability...

9.8 CVSS · 7.5 AI score · 0.0089 EPSS
Exploits: 1 · References: 3