2820 matches found

Positive Technologies
added 2022/05/11 12:00 a.m. · 3 views

PT-2022-3916 · Unknown · Pinniped Supervisor

Name of the Vulnerable Software and Affected Versions: Pinniped Supervisor (affected versions not specified). Description: An issue was discovered in the Pinniped Supervisor with either LDAPIdentityProvider or ActiveDirectoryIdentityProvider resources. The issue allows an attack where a malicious us...

CVSS 8.5 · AI score 6.6 · EPSS 0.00905
Exploits 0 · References 8

CNNVD
added 2022/05/10 12:00 a.m. · 2 views

OpenMRS SQL injection vulnerability

OpenMRS is a medical records system from OpenMRS, Inc. It contains a SQL injection vulnerability that can be exploited via GET requests...

CVSS 9.8 · AI score 8.6 · EPSS 0.01196
Exploits 0 · References 4

Prion
added 2022/05/04 3:15 p.m. · 15 views

SQL injection

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inject a query in "/fantasticblog/single.php" via the "id=5" parameter...

CVSS 7.5 · AI score 9.7 · EPSS 0.01335
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2022/05/04 12:00 a.m. · 2 views

Hospital Management System SQL injection vulnerability

Hospital Management System (HMS) is a computer system that helps manage health care-related information and helps health care providers do their jobs efficiently. v1.0 of Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers via the patientsearch.php with th...

CVSS 9.8 · AI score 8.6 · EPSS 0.01368
Exploits 1 · References 2

OSV
added 2022/05/02 7:15 p.m. · 2 views

CVE-2022-1369

Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8 · AI score 7.5 · EPSS 0.01083
Exploits 0 · References 1

CNNVD
added 2022/04/28 12:00 a.m. · 4 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. A SQL...

CVSS 10 · AI score 6.2 · EPSS 0.19619
Exploits 0 · References 3

CNNVD
added 2022/04/28 12:00 a.m. · 3 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

CVSS 10 · AI score 6.2 · EPSS 0.01083
Exploits 0 · References 3

ATTACKERKB
added 2022/04/21 8:15 p.m. · 3 views

CVE-2022-28415

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=deletecollection...

CVSS 9.8 · AI score 6 · EPSS 0.01233
Exploits 1 · References 2

OSV
added 2022/04/21 8:15 p.m. · 1 view

CVE-2022-28411

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manageagent...

CVSS 9.8 · AI score 7.3 · EPSS 0.01461
Exploits 1 · References 1

ATTACKERKB
added 2022/04/21 8:15 p.m. · 2 views

CVE-2022-28020

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\positionedit.php...

CVSS 8.8 · AI score 7.2 · EPSS 0.01064
Exploits 1 · References 2

OSV
added 2022/04/21 8:15 p.m. · 1 view

CVE-2022-28022

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchaseorder/classes/Master.php?f=deleteitem...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1

Snyk
added 2022/04/21 8:06 a.m. · 2 views

SQL Injection

Overview: blazer allows you to explore your data with SQL. Easily create charts and dashboards, and share them with your team. Affected versions of this package are vulnerable to SQL Injection by allowing specific variable values to modify the query rather than just the variable. This can...

CVSS 7.5 · AI score 7.9 · EPSS 0.00833
Exploits 0 · References 2

OSV
added 2022/04/15 5:15 a.m. · 3 views

DEBIAN-CVE-2022-26651

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. Th...

CVSS 9.8 · AI score 7.8 · EPSS 0.06544
Exploits 0 · References 1

CNNVD
added 2022/04/15 12:00 a.m. · 2 views

Chamilo LMS SQL injection vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training and online question answering, etc. Chamilo LMS v1.11.13 is vulnerable to SQL injection, and no detailed vulnerability...

CVSS 9.8 · AI score 5.9 · EPSS 0.00927
Exploits 0 · References 2

OSV
added 2022/04/12 5:15 a.m. · 2 views

DEBIAN-CVE-2022-28347

A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...

CVSS 9.8 · AI score 7.8 · EPSS 0.02875
Exploits 0 · References 1

CNNVD
added 2022/04/12 12:00 a.m. · 3 views

CSZ CMS SQL injection vulnerability

CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in cszcmsadminUsersviewUsers and can be exploited by attackers to execute illegal SQL...

CVSS 9.8 · AI score 8.7 · EPSS 0.01075
Exploits 1 · References 2

CNNVD
added 2022/04/12 12:00 a.m. · 2 views

Atom.Cms SQL injection vulnerability

CMS is a content management system from The Digital Craft personal developer in the U.S. A SQL injection vulnerability exists in Atom.CMS version 2.0, which stems from a lack of validation of external input SQL statements in Atom.CMSadminajaxnavigation.php, which could be exploited by attackers t...

CVSS 9.8 · AI score 8.6 · EPSS 0.01426
Exploits 1 · References 2

RedHat Linux
added 2022/04/11 1:00 p.m. · 0 views

log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...

CVSS 9.8 · AI score 7 · EPSS 0.67466
Exploits 1 · References 5

CNNVD
added 2022/04/11 12:00 a.m. · 11 views

Django SQL injection vulnerability

Django is the Django Foundation's open source web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...

CVSS 9.8 · AI score 5.8 · EPSS 0.02875
Exploits 0 · References 17

CNNVD
added 2022/04/05 12:00 a.m. · 3 views

Insurance Management System SQL injection vulnerability

Insurance Management System is an insurance management system by Angel Jude Reyes Suarez, an individual developer. A security vulnerability exists in Insurance Management System 1.0, which allows an attacker to perform SQL injection via the username parameter...

CVSS 9.8 · AI score 8.6 · EPSS 0.01048
Exploits 1 · References 3