8141 matches found

OSV
added 2021/12/22 7:15 p.m. · 1 view

CVE-2021-21935

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘hostaltfilter2’ parameter. This can be done as any authenticated user or through cross-site request forgery...

CVSS 6.5 · AI score 7 · EPSS 0.01547
Exploits: 1 · References: 1

OSV
added 2021/12/22 6:15 p.m. · 3 views

CVE-2021-43155

Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2021/12/22 12:0 a.m. · 2 views

Projectworlds Hospital Management System SQL injection vulnerability

Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. Version 1.0 of Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

CVSS 9.8 · AI score 5.8 · EPSS 0.00245
Exploits: 1 · References: 2

CNNVD
added 2021/12/22 12:0 a.m. · 2 views

Projectworlds Hospital Management System SQL injection vulnerability

Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

CVSS 9.8 · AI score 6 · EPSS 0.00245
Exploits: 1 · References: 2

OSV
added 2021/12/21 12:15 p.m. · 3 views

CVE-2021-45255

The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain,...

CVSS 9.8 · AI score 5.8 · EPSS 0.00263
Exploits: 1 · References: 1

RedHat Linux
added 2021/12/21 10:1 a.m. · 2 views

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

CVSS 8.1 · AI score 6.9 · EPSS 0.00193
Exploits: 0 · References: 4

CNNVD
added 2021/12/21 12:0 a.m. · 6 views

WordPress SQL injection vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress WP Visitor Statistics plugin has a SQL injection vulnerability in versions prior to 4.8. The...

CVSS 8.8 · AI score 6 · EPSS 0.64331
Exploits: 5 · References: 6

CNNVD
added 2021/12/20 12:0 a.m. · 1 view

Jfrog JFrog Artifactory SQL injection vulnerability

Jfrog JFrog Artifactory is an open source, general-purpose artifact repository manager from Israel's JFrog that supports clustered and high-availability Docker registries and provides an end-to-end solution for automating artifacts used to track artifacts from development to production. JFr...

CVSS 8.8 · AI score 8.2 · EPSS 0.00247
Exploits: 3 · References: 2

BDU FSTEC
added 2021/12/20 12:0 a.m. · 1 view

The vulnerability of the prod_filter parameter in the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the prod_filter parameter in the “device_list” component of the Advantech R-SeeNet monitoring software relates to the improper handling of the prod_filter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending special...

CVSS 7.8 · AI score 6.9 · EPSS 0.01547
Exploits: 1 · References: 6

OSV
added 2021/12/17 5:15 p.m. · 3 views

CVE-2020-18081

The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...

CVSS 7.5 · AI score 5.8 · EPSS 0.00318
Exploits: 1 · References: 1

CNNVD
added 2021/12/17 12:0 a.m. · 3 views

Tcman Gim SQL injection vulnerability

Tcman Gim is a facility management software from Tcman Spain designed for use on mobile devices. TCMAN GIM suffers from a SQL injection vulnerability that can be exploited via the "/PC/WebService.asmx" page...

CVSS 10 · AI score 8.5 · EPSS 0.00264
Exploits: 0 · References: 2

RedHat Linux
added 2021/12/16 6:22 p.m. · 4 views

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

CVSS 8.1 · AI score 6.9 · EPSS 0.00193
Exploits: 0 · References: 4

CNNVD
added 2021/12/15 12:0 a.m. · 2 views

Tuleap SQL injection vulnerability

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration. Enalean Tuleap is vulnerable to SQL...

CVSS 8.8 · AI score 6.3 · EPSS 0.00912
Exploits: 0 · References: 5

CNNVD
added 2021/12/15 12:0 a.m. · 1 view

ThinkPHP SQL injection vulnerability

ThinkPHP is a PHP-based, open source, lightweight web application development framework from China Top Think Information Technology. ThinkPHP has a SQL injection vulnerability; no detailed vulnerability information has been provided...

CVSS 9.8 · AI score 5.8 · EPSS 0.01037
Exploits: 1 · References: 2

Positive Technologies
added 2021/12/14 12:0 a.m. · 2 views

PT-2021-5674 · Microsoft · Defender For Iot

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT (affected versions not specified). Description: The issue is related to incorrect code generation management in Microsoft Defender for IoT, allowing a remote attacker to execute arbitrary code using a specially crafted...

CVSS 9 · AI score 8.8 · EPSS 0.01476
Exploits: 0 · References: 15

CNNVD
added 2021/12/09 12:0 a.m. · 2 views

ZZCMS SQL injection vulnerability

ZZCMS is a content management system (CMS) from the ZZCMS team in China. ZZCMS is vulnerable to SQL injection through the id parameter in admin/bad.php, where externally supplied input to SQL statements is not validated. An attacker can use the vulnerability to execute illegal SQL...

CVSS 7.2 · AI score 6.1 · EPSS 0.00274
Exploits: 1 · References: 2

BDU FSTEC
added 2021/12/09 12:0 a.m. · 2 views

The vulnerability of ArcGIS Server, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL queries.

The vulnerability of ArcGIS Server is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 10 · AI score 7.6 · EPSS 0.00427
Exploits: 0 · References: 2

OSV
added 2021/12/08 5:15 p.m. · 1 view

CVE-2021-41063

A SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow unauthenticated attackers to execute arbitrary commands...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 4

CNNVD
added 2021/12/08 12:0 a.m. · 2 views

Fortinet FortiWLM SQL injection vulnerability

Fortinet FortiWLM is a wireless manager from Fortinet, Inc. An SQL injection vulnerability exists in Fortinet FortiWLM versions 8.6.1 and below, which can be exploited by attackers to contaminate database data and extract sensitive information via crafted HTTP requests to be sent to alarms and...

CVSS 8.8 · AI score 5.9 · EPSS 0.00422
Exploits: 0 · References: 4

BDU FSTEC
added 2021/12/07 12:0 a.m. · 1 view

The vulnerability of the surname_filter parameter in the user_list.php script of the Advantech R-SeeNet monitoring software allows a hacker to disclose protected information.

The vulnerability of the surname_filter parameter in the user_list.php script of the Advantech R-SeeNet monitoring software relates to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially...

CVSS 6.8 · AI score 6.6 · EPSS 0.01732
Exploits: 1 · References: 3 · Affected Software: 1