
149 matches found

BDU FSTEC
added 2025/05/21 12:0 a.m. · 2 views

The vulnerability of the RunSearch function of the SearchService service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary SQL commands.

The vulnerability of the RunSearch function in the SearchService service of the FactoryTalk AssetCentre software platform for centralized asset management involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to execute arbitrary SQL...

CVSS 10 · AI score 8.2 · EPSS 0.00092
Exploits 0 · References 3 · Affected Software 1

NVD
added 2025/05/13 10:15 a.m. · 6 views

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

CVSS 8.7 · EPSS 0.00176
Exploits 0 · References 1

Vulnrichment
added 2025/05/13 9:38 a.m. · 4 views

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

CVSS 8.7 · AI score 7.9 · EPSS 0.00176
Exploits 0 · References 1

Github Security Blog
added 2025/03/20 12:32 p.m. · 12 views

DB-GPT Arbitrary File Write vulnerability

In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...

CVSS 9.8 · AI score 8.6 · EPSS 0.01539
Exploits 1 · References 5 · Affected Software 1

Patchstack
added 2025/03/04 10:33 p.m. · 2 views

WordPress WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation vulnerability

WordPress WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin <= 4.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Execution/Privilege Escalation vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WordPress Awesome Impo...

CVSS 8.8 · AI score 7.6 · EPSS 0.00122
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/02/05 10:15 p.m. · 9 views

CVE-2020-36084

SQL injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject SQL queries in the /elearning/deleteteacherstudents.php?id= parameter via the id field...

CVSS 9.8 · EPSS 0.00591
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 7:38 p.m. · 7 views

CVE-2022-39362

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

CVSS 8.8 · AI score 7.2 · EPSS 0.00422
Exploits 0 · References 1

NVD
added 2025/01/31 8:15 a.m. · 11 views

CVE-2024-53007

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...

CVSS 6.4 · EPSS 0.00049
Exploits 0 · References 1

CVE
added 2025/01/31 12:0 a.m. · 88 views

CVE-2024-53007

CVE-2024-53007 affects Bentley Systems ProjectWise Integration Server prior to 10.00.03.288. An authenticated user can cause unintended SQL query execution via an API call. The CVSS 3.1 base score is 6.4 (MEDIUM): attack vector LOCAL, privileges required LOW, user interaction NONE, with confident...

CVSS 6.4 · AI score 6.7 · EPSS 0.00049
Exploits 0 · References 1

Positive Technologies
added 2025/01/31 12:0 a.m. · 4 views

PT-2025-2950 · Bentley Systems · Projectwise Integration Server

Name of the Vulnerable Software and Affected Versions: Bentley Systems ProjectWise Integration Server versions prior to 10.00.03.288 Description: The issue allows unintended SQL query execution by an authenticated user via an API call. Recommendations: For versions prior to 10.00.03.288, update t...

CVSS 6.4 · AI score 7.8 · EPSS 0.00049
Exploits 0 · References 4

Cvelist
added 2025/01/31 12:0 a.m. · 13 views

CVE-2024-53007

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...

CVSS 6.4 · EPSS 0.00049
Exploits 0 · References 1

Vulnrichment
added 2025/01/31 12:0 a.m. · 8 views

CVE-2024-53007

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...

CVSS 6.4 · AI score 6.9 · EPSS 0.00049
Exploits 0 · References 1

Redos
added 2025/01/27 12:0 a.m. · 11 views

ROS-20250127-01

Vulnerability of striptags function of django.utils.html module of Django web application software platform is related to unrestricted resource allocation as a result of incorrect HTML character escaping. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial ...

CVSS 9.8 · AI score 8.2 · EPSS 0.01038
Exploits 0

CNNVD
added 2025/01/08 12:0 a.m. · 3 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.2.8 that stems from the presence of a SQL injection vulnerability that allows an attacker to execute arbitrary SQL commands, thereby compromisi...

CVSS 9.4 · AI score 8 · EPSS 0.00494
Exploits 1 · References 3

BDU FSTEC
added 2024/12/13 12:0 a.m. · 1 views

The vulnerability of the software platform for medical visualization and image processing syngo.plaza lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the software platform for medical visualization and image processing in syngo.plaza lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code to compromise the database...

CVSS 10 · AI score 6.1 · EPSS 0.0117
Exploits 0 · References 2

Microsoft KB
added 2024/09/10 7:0 a.m. · 173 views

KB5042749 - Description of the security update for SQL Server 2019 CU28: September 10, 2024

KB5042749 - Description of the security update for SQL Server 2019 CU28: September 10, 2024 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More...

CVSS 9.8 · AI score 7.3 · EPSS 0.04837
Exploits 0

Microsoft KB
added 2024/09/10 7:0 a.m. · 128 views

KB5042217 - Description of the security update for SQL Server 2017 GDR: September 10, 2024

KB5042217 - Description of the security update for SQL Server 2017 GDR: September 10, 2024 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary Th...

CVSS 9.8 · AI score 7.3 · EPSS 0.0673
Exploits 0

BDU FSTEC
added 2024/08/16 12:0 a.m. · 2 views

The vulnerability of the Reports module of the monitoring, analysis, and reporting software ManageEngine Exchange Reporter Plus allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the Reports module in the ManageEngine Exchange Reporter Plus software for monitoring, analysis, and report generation is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...

CVSS 8.7 · AI score 5.9 · EPSS 0.01217
Exploits 0 · References 2

CNNVD
added 2024/05/14 12:0 a.m. · 3 views

Npgsql security vulnerability

Npgsql is an open source .NET data provider for PostgreSQL. A security vulnerability exists in Npgsql that stems from an overflow issue that can be exploited by an attacker to execute arbitrary SQL statements...

CVSS 8.1 · AI score 8.5 · EPSS 0.02069
Exploits 0 · References 15

OSV
added 2024/05/10 8:7 p.m. · 18 views

GO-2024-2826 Denial of service attack by triggering unbounded memory usage in vitess.io/vitess

When executing a query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. This causes a denial of service...

CVSS 4.9 · AI score 5 · EPSS 0.00131
Exploits 0 · References 7