149 matches found

BDU FSTEC
added 2021/10/27 12:0 a.m. | 1 views

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the username parameter...

CVSS 10 | AI score 8.2 | EPSS 0.05279
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2021/10/15 2:15 p.m. | 10 views

CVE-2021-41147

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute...

CVSS 7.2 | EPSS 0.01085
Exploits: 1 | References: 4

OSV
added 2021/07/26 6:15 p.m. | 3 views

CVE-2021-37478

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database...

CVSS 9.8 | AI score 6 | EPSS 0.00679
Exploits: 1 | References: 3

NVD
added 2021/07/26 6:15 p.m. | 9 views

CVE-2021-37478

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database...

CVSS 9.8 | EPSS 0.00679
Exploits: 1 | References: 3

Prion
added 2021/07/26 6:15 p.m. | 10 views

SQL injection

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...

CVSS 7.5 | AI score 9.5 | EPSS 0.00679
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2021/07/26 5:17 p.m. | 9 views

CVE-2021-37477

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter childrenorder, which results in arbitrary sql query execution in the backend database...

AI score 9.8 | EPSS 0.00679
Exploits: 1 | References: 3

Cvelist
added 2021/07/26 5:15 p.m. | 9 views

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...

AI score 9.8 | EPSS 0.00679
Exploits: 1 | References: 3

CNNVD
added 2021/07/14 12:0 a.m. | 2 views

ECTouch SQL Injection Vulnerability

ECTouch is an application. An open source mobile mall system to create an enterprise exclusive mobile mall. ECTouch suffers from a SQL injection vulnerability, which originates from the SQL injection vulnerability in ECTouch v2 generated through the integralmin parameter in index.php. An attacker...

CVSS 9.8 | AI score 6.1 | EPSS 0.00245
Exploits: 1 | References: 1

BDU FSTEC
added 2021/06/23 12:0 a.m. | 1 views

The vulnerability of the app/admin/custom-fields/order.php web application for managing IP addresses in phpipam allows a hacker to execute arbitrary SQL queries.

The vulnerability of the app/admin/custom-fields/order.php web application for managing IP addresses in phpipam relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL queries...

CVSS 10 | AI score 7.7 | EPSS 0.23793
Exploits: 3 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/06/23 12:0 a.m. | 1 views

The vulnerability of the plus/ajax_street.php component of the 74cms CMS system, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.

The vulnerability of the plus/ajaxstreet.php component of the 74cms CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries via the parameter x...

CVSS 6.5 | AI score 8.2 | EPSS 0.32216
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2021/04/14 12:0 a.m. | 3 views

Devolutions Server SQL Injection Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1 and Devolutions Server LTS versions prior to 2020.3.18, which can be...

CVSS 7.2 | AI score 6.3 | EPSS 0.00242
Exploits: 0 | References: 2

NVD
added 2021/04/13 6:15 a.m. | 9 views

CVE-2021-28938

Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query...

CVSS 4.3 | EPSS 0.00391
Exploits: 0 | References: 1

CVE
added 2021/04/13 5:52 a.m. | 53 views

CVE-2021-28938

Siren Federate contains a cross-context information leak vulnerability affecting multiple versions: 6.8.14-10.3.9, 6.9.x–7.6.x, 7.7.x–7.9.x, 7.10.x–7.11.x, and 7.11.x. In concurrent query execution by a low-privilege and a high-privilege user, the former may run with the latter's privileges, leak...

CVSS 4.3 | AI score 4.6 | EPSS 0.00391
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/13 5:52 a.m. | 11 views

CVE-2021-28938

Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query...

AI score 5 | EPSS 0.00391
Exploits: 0 | References: 1

BDU FSTEC
added 2021/03/11 12:0 a.m. | 1 views

The vulnerabilities of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system allow attackers to execute arbitrary SQL queries.

The vulnerability of the “/submit.php” and “/infusions/downloads/downloads.php” components of the PHP-Fusion CMS system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS 9 | AI score 8 | EPSS 0.00164
Exploits: 1 | References: 8 | Affected Software: 1

RedhatCVE
added 2021/03/03 7:11 p.m. | 27 views

CVE-2021-22134

A flaw was found in elasticsearch. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of...

CVSS 4.3 | AI score 2 | EPSS 0.00165
Exploits: 0 | References: 4

ThreatPost
added 2020/11/11 9:4 p.m. | 68 views

Silver Peak SD-WAN Bugs Allow for Network Takeover

Silver Peak’s Unity Orchestrator, a software-defined WAN (SD-WAN) management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...

CVSS 7.5 | AI score 0.2 | EPSS 0.5904
Exploits: 2 | References: 11

Positive Technologies
added 2020/08/05 12:0 a.m. | 3 views

PT-2020-13356 · Aerospike · Aerospike Community Edition

Name of the Vulnerable Software and Affected Versions: Aerospike Community Edition version 4.9.0.5
Description: The issue allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. Although it attempts to restrict code executio...

CVSS 10 | AI score 8.2 | EPSS 0.8995
Exploits: 8 | References: 14

CNVD
added 2019/11/26 12:0 a.m. | 1 views

Jifty::DBI SQL Injection Vulnerability

Jifty::DBI is an object-relational persistence framework. A SQL injection vulnerability exists in Jifty::DBI versions prior to 0.68, which can be exploited by an attacker to execute illegal SQL commands...

CVSS 9.8 | AI score 8.2 | EPSS 0.0054
Exploits: 0 | References: 1

CNVD
added 2019/10/21 12:0 a.m. | 1 views

Palo Alto Networks Zingbox Inspector SQL Injection Vulnerability

The Palo Alto Networks Zingbox Inspector is a locally deployed appliance in a Zingbox IoT Command Center IoT control center solution from Palo Alto Networks, USA. A SQL injection vulnerability exists in the management interface in Palo Alto Networks Zingbox Inspector version 1.288 and earlier. Th...

CVSS 8.8 | AI score 8.2 | EPSS 0.00339
Exploits: 0 | References: 1