40 matches found
CVE-2025-9073 All in one Minifier <= 3.2 - Unauthenticated SQL Injection
The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 3.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Secure LogIn and SignUp API in PHP security vulnerability
Secure LogIn and SignUp API in PHP is a security interface software by Vishnu Sivadas Individual Developer. A security vulnerability exists in Secure LogIn and SignUp API in PHP, which stems from an insecure SQL query construct in DataBase.php that could lead to SQL injection...
The vulnerability of the NetworkServlet.getNextTrapPage() function in the system for centrally managing network devices and ports of Advantech iView allows a hacker to execute arbitrary code.
The vulnerability of the NetworkServlet.getNextTrapPage function in the system for centrally managing network devices and ports of Advantech iView is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the BuildEnterpriseSearchString method implemented by the PolicyServer server of the Trend Micro Endpoint Encryption (TMEE) encryption data solution allows a perpetrator to increase their privileges.
The vulnerability of the BuildEnterpriseSearchString method implemented by the PolicyServer server of the Trend Micro Endpoint Encryption (TMEE) encryption data solution is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability can allow an attacker...
The vulnerability of the synchronization application for Qsync Central files relates to the lack of security measures for the SQL query structure, allowing a hacker to execute arbitrary code.
The vulnerability of the Qsync Central file synchronization application is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a security intruder to read and write arbitrary files and execute arbitrary code.
The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the Safari browser on macOS, iOS, and iPadOS operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Safari browser in operating systems macOS, iOS, and iPadOS is related to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the UnlockUser method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems of the TeleControl Server Basic allows a hacker to circumvent security restrictions and gain access to write and read arbitrary files.
The vulnerability of the UnlockUser method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the CLI component of the Fortinet FortiManager device management software and the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools allows an attacker to execute arbitrary commands or code.
The vulnerability of the CLI component of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, is related to the lack of protective measures for the SQL query structure. Exploiting this...
The vulnerability of the VMmanager 6 virtualization tool, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of VMmanager 6’s virtualization mechanism is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
The vulnerability of the get_discovery_results() function in the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the get_discovery_results function in the Cacti network monitoring software is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the Amazon Redshift JDBC driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit this to increase their privileges.
The vulnerability of the Amazon Redshift JDBC driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of security measures regarding SQL query structures. This allows attackers to execute arbitrary code within the root user’s context.
The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root...
The vulnerability of the LoadSlotsTable method in the Ivanti EPM endpoint management software allows a hacker to execute arbitrary code.
The vulnerability of the LoadSlotsTable method in the Ivanti EPM endpoint management software is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the updateAssetInfo method in the Ivanti EPM endpoint management software allows a hacker to execute arbitrary code.
The vulnerability of the updateAssetInfo method in the Ivanti EPM endpoint management software is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Zohocorp ManageEngine Exchange Reporter Plus software, which is related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of the monitoring, analysis, and reporting software Zohocorp ManageEngine Exchange Reporter Plus is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...
The vulnerability of the getSortString method in the microprogramming software for network devices in the ProSAFE Network Management System (NMS300) allows a perpetrator to execute arbitrary code.
The vulnerability of the getSortString method in the microprogramming software for network devices, the ProSAFE Network Management System (NMS300), is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execu...
The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) allows a hacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.
The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) involves a lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause ...
The vulnerability of the XStore plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the XStore plugin of the WordPress content management system is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...
The vulnerability of the GetLogFileRulesSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.
The vulnerability of the GetLogFileRulesSQL method in the Ivanti Endpoint Manager software for managing endpoints in information networks is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code usi...