Linux Distros Unpatched Vulnerability : CVE-2020-14586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.20 and prior...

Linux Distros Unpatched Vulnerability : CVE-2025-30693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0...

📄 VX Guestbook 1.07 SQL Injection

VX Guestbook version 1.07 suffers from a remote SQL injection vulnerability. Exploit Title: VX Guestbook SQL Injection Authenticated Date: 2025-08-02 Exploit Author: tmrswrr Category : Webapps Vendor: https://phpversion.com/ Version 1.07 1. Access the Admin Panel: - Click Words Censor...

Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the MySQL Server component of the database management system involves uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause service interruptions...

编号撤回

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. This CVE number has...

编号撤回

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. This CVE number has...

emlog 代码注入漏洞

emlog is emlog open source PHP and MySQL based on a set of CMS site building system . emlog 2.5.7 and previous versions of the code injection vulnerability , the vulnerability stems from the file /admin/article.php parameter activepost in the wrong operation leads to cross-site scripting...

CVE-2024-51108

Multiple stored cross-site scripting XSS vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate...

CVE-2024-45174

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL injection attacks. This kind of attack allows an authenticated user to execute arbitrar...

CVE-2023-50718

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped tablename. This vulnerability may result in leakage of sensitive data in the database. Version 0.202....

CVE-2022-45347

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...

CVE-2021-41679

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter...

CVE-2021-23053

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to...

CVE-2021-37614

In certain Progress MOVEit Transfer versions before 2021.0.3 aka 13.0.3, SQL injection in the MOVEit Transfer web application could allow an authenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

CVE-2021-39378

A SQL Injection vulnerability exists in openSIS 8.0 when MySQL MariaDB is being used as the application database. A malicious attacker can issue SQL commands to the MySQL MariaDB database through the NamesList.php str parameter...

CVE-2020-8519

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

CVE-2020-11545

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters account.php, uname and pass parameters login.php, and id parameter bookcar.php This allows an attacker to dump the MySQL database and to bypass the login...

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

CVE-2019-1010246

MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...

CVE-2019-13021

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password...