8141 matches found
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information...
Foxit Reader and Foxit PhantomPDF SQL injection vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A SQL injection vulnerability exists in Foxit Reader and PhantomPDF versions prior to 10.1.4. The vulnerability stems from a lack of validation of externally-entered SQL statements in database-based...
TYPO3 SQL injection vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the TYPO3 Association in Switzerland. TYPO3 is vulnerable to a SQL injection vulnerability that stems from a failure to properly encode user input. No vulnerability details are currently available...
UBUNTU-CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...
rConfig SQL injection vulnerability
rConfig is an open source network device configuration management utility. rConfig version 3.9.5 is vulnerable to a SQL injection vulnerability that stems from an unvalidated dbName parameter in ajaxDbInstall.php, which can be exploited by attackers to access sensitive database information...
Care2x2.7 Alpha SQL injection vulnerability
Care2x2.7 Alpha is a hospital information management system. A SQL injection vulnerability exists in Care2x2.7 Alpha that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
The vulnerability of the Moodle management system, related to the failure to protect SQL queries, allows attackers to execute arbitrary code.
The vulnerability of the Moodle management system is related to the failure to implement measures to protect SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted SQL queries remotely...
CVE-2021-20028
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier...
CVE-2021-37556
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csvHostGroupLogs.php start and end parameters...
Centreon SQL injection vulnerability
Centreon (Merethis Centreon) is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring of network, system and application resources. A SQL injection vulnerability exists in Centreon versions prior to 20.04.14, 20.10.8, and 21.04.2. An...
WordPress SQL injection vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Survey Maker prior to version 1.5.6,...
SourceCodester Phone Shop Sales Managements System SQL injection vulnerability
SourceCodester Phone Shop Sales Managements System is a PHP project by SourceCodester, Inc. to manage phone store sales transactions. SourceCodester Phone Shop Sales Managements System 1.0 has a SQL injection vulnerability that can be exploited by attackers to cause SQL injection...
whatsns SQL injection vulnerability
whatsns is an open source online question and answer system. The system supports cloud storage, image watermark settings, full-text search, on-site behavior monitoring, SMS registration and notification, and other features. A SQL injection vulnerability exists in Whatsns, which originates from th...
Advisto PEEL SHOPPING SQL injection vulnerability
PEEL Shopping is an open source e-commerce system built on PHP/MySQL. Versions of PEEL Shopping prior to 9.4.0.1 have a SQL injection vulnerability, which can be exploited by attackers to inject malicious SQL queries and obtain sensitive database information...
WordPress SQL injection vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports hosting personal blog sites on servers with PHP and MySQL. WooCommerce Blocks is an open source plugin for WordPress. WooCommerce Blocks feature plugin version...
NavigateCMS SQL injection vulnerability
Navigate CMS is a powerful and intuitive content management system. A SQL injection vulnerability exists in the childrenorder parameter in structure.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary SQL queries in the backend database...
WordPress SQL injection vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Woocommerce. The vulnerability stems from a lack o...
OESA-2021-1274 python-sqlalchemy security update
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases. It contains a powerful mapping layer that can work as automatically or as manually as users choose, determining relationships based on foreign keys or to bridge the gap between database...
CVE-2021-25213
SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php...
CVE-2021-25202
SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php...