140 matches found
CVE-2025-10399
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-10399 Korzh EasyQuery Query Builder UI fetch sql injection
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-10399
CVE-2025-10399 concerns Korzh EasyQuery (up to version 7.4.0). The vulnerability arises from improper handling in the Query Builder UI component, specifically the file path /api/easyquery/models/nwind/fetch, enabling SQL injection. The issue can be triggered remotely and has been publicly exposed...
CVE-2025-10399 Korzh EasyQuery Query Builder UI fetch sql injection
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made...
Korzh EasyQuery SQL injection vulnerability
Korzh EasyQuery is a query builder software from Korzh. A SQL injection vulnerability exists in Korzh EasyQuery 7.4.0 and earlier versions, which stems from improper handling of the file /api/easyquery/models/nwind/fetch in the Query Builder UI component, which can lead to SQL injection attacks...
PT-2025-37412
Name of the Vulnerable Software and Affected Versions: Korzh EasyQuery versions through 7.4.0 Description: A weakness exists in Korzh EasyQuery due to SQL injection. The issue affects unknown processing of the /api/easyquery/models/nwind/fetch API endpoint within the Query Builder UI component...
Linux Distros Unpatched Vulnerability : CVE-2023-45024
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. CVE-2023-45024 Note th...
CVE-2022-40824
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where function. Note: Multiple third parties have disputed this as not a valid vulnerability...
CVE-2025-32120
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through <= 2.0.4...
CVE-2025-32120
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edanzer Easy Query – WP Query Builder easy-query allows Blind SQL Injection. This issue affects Easy Query – WP Query Builder: from n/a through <= 2.0.4...
WordPress plugin Easy Query – WP Query Builder SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin Ea...
MAL-2024-2511 Malicious code in influx-query-builder (npm)
laravel framework Unexpected database bindings via requests
This is a follow-up to the security advisory https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to i...
GHSA-27QR-636M-WXG2 codeigniter/framework SQL injection in ODBC database driver
CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape functions...
BIT-CODEIGNITER-2022-40827
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where function...
CVE-2023-47128
Piccolo ORM (Python) before 1.1.1 is vulnerable to SQL injection via named transaction savepoints. The root cause is building and executing SAVEPOINT commands with user-supplied input using f-strings, which can lead to arbitrary read/modify operations and even server compromise per the descriptio...
CVE-2023-45024
Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...
DEBIAN-CVE-2023-45024
Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...
CVE-2023-45024
Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...
Information disclosure
Best Practical Request Tracker RT 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder...