CVE-2022-27381

An issue in the component Field::setdefault of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

UBUNTU-CVE-2022-27379

An issue in the component Argcomparator::comparerealfixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service DoS via specially crafted SQL statements...

CVE-2022-27472

SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely...

Atom.CMS SQL注入漏洞

CMS is a content management system from The Digital Craft individual developers in the U.S. A SQL injection vulnerability exists in Atom.CMS version 2.0, which stems from a lack of validation of external input SQL statements in Atom.CMSadminajaxpages.php, and could be exploited by attackers to...

MariaDB SQL注入漏洞

MariaDB is a free and open source database management system from the MariaDB Mariadb Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower that allows an attacker to cause a denial of service DoS via a specially...

CSZ CMS SQL注入漏洞

CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS version 1.2.2 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in cszcmsadminUserseditUser, and can be used by attackers to execute illegal SQL commands to obtain...

MariaDB SQL注入漏洞

MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 and lower, which can be exploited by an attacker to cause a denial of service DoS via a...

JHipster SQL注入漏洞

JHipster is an open source application builder that develops web applications and microservices primarily using Angular or React and Spring Framework.JHipster suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, whic...

Pimcore SQL注入漏洞

Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore has a SQL injection vulnerability, whic...

Car Rental System SQL注入漏洞

Car Rental System is a car rental system by individual developer AMEY THAKUR in India. car Rental System v1.0 is vulnerable to SQL injection, which originates from the lack of SQL data filtering for the id parameter in /CarRental/booking.php, and can be exploited by attackers to execute illegal S...

ZZCMS SQL注入漏洞

ZZCMS is a content management system CMS from the Zzcms team in China. zzCMS2021 is vulnerable to SQL injection, which stems from a lack of filtering of SQL data in admanage.php. An attacker could use this vulnerability to send malicious SQL commands...

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

The vulnerability of the PuppetDB database management system lies in the lack of protective measures for SQL query structures. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the PuppetDB database management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service interruptions...

CVE-2022-28467

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter...

CVE-2022-27123

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter...

CVE-2022-28115

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter...

Online Student Admission System SQL注入漏洞

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. Online Student Admission v1.0 has a security vulnerability that allows an attacker to perform SQL injection via the txtapplicationID parameter...

SourceCodester Employee Performance Evaluation System SQL注入漏洞

SourceCodester Employee Performance Evaluation is a Php-based site builder for employee performance management from SourceCodester. sourceCodester Employee Performance Evaluation SQL injection vulnerability, which can be exploited by attackers to perform SQL injection via email parameters...

MingSoft MCMS SQL注入漏洞

MingSoft MCMS is a complete open source J2ee system from MingSoft, a Chinese company. mingsoft MCMS has a SQL injection vulnerability, which originates from the lack of filtering and escaping of SQL data in the categoryId parameter of /cms/content/list, and can be used by attackers to execute...

The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, allows a hacker to cause a service failure.

The vulnerability of the SQL parser’s formatting module for Python Sqlparse is related to the incorrect handling of multiple occurrences of the "\r\n" character in SQL comments. Exploiting this vulnerability allows an attacker to cause service failures remotely...