8141 matches found
CVE-2022-25492
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php...
CVE-2022-25490
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php...
CVE-2022-25488
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...
HMS SQL injection vulnerability
HMS is a computer or web based hospital management system by Kabir Khyrul, an individual developer in Bangladesh. It helps to manage the operations of a hospital or any healthcare organization. A SQL injection vulnerability exists in HMS version 1.0, which allows attackers to perform SQL injection via...
GLPI SQL injection vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2022-24606
Luocms v2.0 is affected by SQL Injection in /admin/news/sortok.php...
Network Olympus SQL injection vulnerability
Network Olympus is Softinventive Lab's agentless enterprise network monitoring software. Network Olympus version 1.8.0 is vulnerable to SQL injection, which stems from missing validation of externally supplied SQL statements in the sqlparameter JSON parameter of /api/eventinstance. An attacker could exploit thi...
Quicklert SQL injection vulnerability
Quicklert is an easy-to-use messaging, alerting, and emergency response solution from Quicklert USA, Inc. Quicklert for Digium version 10.0.0 is vulnerable to SQL injection, which originates from the login.jsp page. The vulnerability stems from the application's lack of validation of externally...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
WordPress plugin AdRotate SQL injection vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress AdRotate Plugin versions prior to 5.8.22. The vulnerability...
CVE-2022-26201
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability...
MingSoft Mcms SQL injection vulnerability
MingSoft Mcms is a complete open source J2EE system from the Chinese company MingFei MingSoft. A security vulnerability exists in MingSoft Mcms v5.2.4 that allows attackers to conduct SQL injection attacks via the search.do parameter in the file /mdiy/dict/listExcludeApp. No details of the vulnerabilit...
CVE-2022-26171
Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email parameter...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
CVE-2022-23972
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete database...
Auto Spare Parts Management SQL injection vulnerability
Auto Spare Parts Management is an automated spare parts management system. Auto Spare Parts Management is vulnerable to SQL injection; no details of the vulnerability are available at this time...
CLSA-2022-1646061262 Fix CVE(s): CVE-2022-24407
SECURITY UPDATE: SQL injection in SQL plugin - debian/patches/CVE-2022-24407.patch: escape password for SQL insert/update commands in plugins/sql.c. - CVE-2022-24407...
AZL-8794 CVE-2022-24407 affecting package cyrus-sasl for versions less than 2.1.28-1
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...