8141 matches found
PT-2022-1665 · Microsoft · SQL Server
Name of the Vulnerable Software and Affected Versions: SQL Server for Linux Containers (affected versions not specified). Description: The issue is related to insecure privilege management in Microsoft SQL Server for Linux. Exploitation of this issue may allow an attacker to elevate their privileges...
PT-2022-9669
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro WordPress plugin versions prior to 2.6.7. Description: The issue concerns a SQL injection problem. It occurs because the discount code is not properly escaped before being used in a SQL statement, specifically in one of the...
Synology DiskStation Manager SQL injection vulnerability
Synology DiskStation Manager (DSM) is an operating system used on network attached storage (NAS) servers by Synology Inc. of Taiwan, China. A SQL injection vulnerability exists in Synology DiskStation Manager, which stems from the failure of the product's Log Management function to handle special characters i...
Synology DiskStation Manager SQL injection vulnerability
Synology DiskStation Manager (DSM) is an operating system used on network attached storage (NAS) servers by Synology Inc. of Taiwan, China. A SQL injection vulnerability exists in Synology DiskStation Manager, which stems from the failure of the product's Security Management feature to handle special characte...
A vulnerability in app/admin/routing/edit-bgp-mapping-search.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/routing/edit-bgp-mapping-search.php of phpipam, a web application for managing IP addresses, lies in the lack of measures taken to protect the SQL query structure when processing the “subnet” parameter. Exploiting this vulnerability allows a malicious actor to execu...
A vulnerability in GLPI, a system for handling requests and incidents, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL queries.
The vulnerability in GLPI, a system for handling requests and incidents, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
Emlog SQL injection vulnerability
Emlog is a PHP and MySQL based CMS website builder maintained by an individual developer. Emlog v6.0 contains a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid...
Airspan Networks Mmp SQL injection vulnerability
Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, Inc. Airspan Networks Mmp is vulnerable to SQL injection, which attackers can exploit to obtain sensitive information...
Victor CMS SQL injection vulnerability
Victor CMS is an open source content management system from individual developer Victor Alagwu in Nigeria. A security vulnerability exists in Victor CMS, which stems from the lack of validation of externally entered SQL statements in the database-based application. An attacker could exploi...
DEBIAN-CVE-2021-46667
MariaDB before 10.6.5 has a sqllex.cc integer overflow, leading to an application crash...
Elite Graphix Elite Cms SQL injection vulnerability
Elite Graphix Elite Cms is a web content management platform, written in PHP, from Elite Graphix of India, used for storing and organizing information and documents. Elite Graphix Elite Cms suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL...
WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Perfect Survey plugin has a SQL injection vulnerability in versions prior to 1.5.2, which stems from the lack of validation of externally entered SQL statements in database-based...
Victor CMS SQL injection vulnerability
Victor CMS is an open source content management system from individual developer Victor Alagwu in Nigeria. Victor CMS has a SQL injection vulnerability in v1.0, which stems from the lack of validation of externally entered SQL statements in database-based applications. An attacker could...
Victor CMS SQL injection vulnerability
Victor CMS is an open source content management system from individual developer Victor Alagwu in Nigeria. Victor CMS has a SQL injection vulnerability in v1.0, which stems from the lack of validation of externally entered SQL statements in database-based applications. An attacker could...
Online Motorcycle (Bike) Rental System SQL injection vulnerability
Online Motorcycle (Bike) Rental System is an online motorcycle (bike) rental system by individual developer Carlo Montero. A security vulnerability in Online Motorcycle (Bike) Rental System 1.0 could allow an attacker to perform a time-based blind SQL injection via the login portal...
CVE-2021-46427
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php...
showdoc SQL injection vulnerability
showdoc is a great open source tool for IT teams to share documents online. A SQL injection vulnerability exists in showdoc versions prior to 2.10.3, which stems from a lack of validation of externally entered SQL statements in the uid parameter of showdoc. An attacker can exploit this...
JeecgBoot SQL injection vulnerability
JeecgBoot is a Java low-code platform for enterprise Web applications in China. A SQL injection vulnerability exists in JeecgBoot version 3.0, which stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
CVE-2021-4088
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server...
Online Payment Hub SQL injection vulnerability
Online Payment Hub is an online payment hub by individual developer Carlo Montero. The Online Payment Hub is vulnerable to SQL injection due to a lack of filtering and escaping of SQL data in Login.php, which could be exploited to execute arbitrary SQL commands via the username parameter...