151 matches found
CVE-2020-4985
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642...
The vulnerability of the fw.login.php component of the Artica Web Proxy management system allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the fw.login.php component of the Artica Web Proxy server management system is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...
CVE-2021-22859
The users’ data querying function of EIC e-document system does not filter special characters, which allows remote attackers to inject SQL syntax and execute arbitrary commands without privilege...
CVE-2021-22134
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been...
CVE-2018-25004
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11...
PT-2021-2473
Name of the Vulnerable Software and Affected Versions: Accellion FTA versions 9 12 370 and earlier. Description: The issue is related to a lack of protection against SQL query structure exploitation. This can be exploited by a remote attacker to execute arbitrary SQL code and gain unauthorized acces...
The vulnerability of the WP_Query function (wp-includes/class-wp-query.php) in the WordPress content management system allows a hacker to execute arbitrary SQL commands.
The vulnerability of the WP_Query function (wp-includes/class-wp-query.php) in the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.
The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...
The vulnerability of the Query component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Query component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
SourceCodester Water Billing System SQL Injection Vulnerability
SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...
SQL Injection Vulnerability in Huazhou Cloud Industrial Internet Platform of Shenzhen Huazhou Intelligent Manufacturing Technology Co., Ltd.
Headquartered in Shenzhen, China, Huazhou Intelligence is committed to globalization and technological innovation, and has set up overseas offices and research institutes in Germany, Japan, the United States and other countries. With the Industrial Internet Platform as the core carrier, Huasic...
SQL Injection Vulnerability in School Office OA System of Guangzhou Yingfeng Information Technology Co.
Guangzhou Yingfeng Information Technology Co., Ltd. school office OA system is a comprehensive management platform for schools, a comprehensive information management system for schools, and a digital campus management system. Guangzhou Yingfeng Information Technology Co., Ltd School Office OA...
CVE-2020-15621
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the email parameter, the...
The vulnerability of the dns_query.cgi component of D-Link DIR-825 and TRENDnet TEW-632BRP routers allows a hacker to execute arbitrary commands.
The vulnerability of the dns_query.cgi component of D-Link DIR-825 and TRENDnet TEW-632BRP routers exists due to the failure to address the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
SQL injection vulnerability exists in us***.php page of Xi'an Bailian Network Technology Co.
Xi'an BaiLian Network Technology Co., Ltd. is the first technology company specializing in bearing industry management software development and bearing industry portal design. SQL injection vulnerability exists in the us***.php page of the website building system of Xi'an Bailian Network Technology...
TheJshen contentManagementSystem 1.04 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: TheJshen contentManagementSystem 1.04 - 'id' SQL Injection; Exploit Author: Cakes; Vendor Homepage: https://github.com/thejshen/contentManagementSystem; Version: 1.04; Software Link:...
The vulnerability of the /web/Public/Conn.php component of the software controller for centralized control of wireless networks in D-Link Central WiFi Manager CWM(100) allows an intruder to execute arbitrary code.
The vulnerability of the /web/Public/Conn.php component of the software controller for centralized control of D-Link Central WiFi Manager CWM100 relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute...
S-CMS School Building System v1.0 SQL Injection Vulnerability in Background aja*** U_s** Parameters
S-CMS is a content management system (CMS) based on PHP and MySQL. S-CMS School Building System v1.0 has a SQL injection vulnerability in the aja*** U_s** parameters in the background, which allows attackers to obtain sensitive information from the database...
Deepwoods Software WebLibrarian SQL Injection Vulnerability
Deepwoods Software WebLibrarian is a book management system plugin for use in WordPress from Deepwoods Software, USA. A SQL injection vulnerability exists in the 'AllBarCodes' function in Deepwoods Software WebLibrarian 3.5.2 and earlier versions. The vulnerability stems from a lack of validation...
SQL Injection Vulnerability in B2C_UQ Cloud Business System
UQ Cloud Business System B2C version is a compact e-commerce system; the platform is developed with PHP7.0+Mysql. B2C_UQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...