149 matches found
PT-2024-5500 · Umi Cms · Umi Cms
Name of the Vulnerable Software and Affected Versions: UMI CMS (affected versions not specified). Description: The issue is related to a lack of protection against SQL query structure exploitation in UMI CMS, a multi-site content management system. This could allow a remote attacker to execute...
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the server’s database.
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the server’s...
CVE-2024-24811 Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...
The vulnerability of the /admin/ file of the Admin Login component of the Engineers Online Portal allows a malicious user to execute arbitrary SQL queries.
The vulnerability of the /admin/ file of the Admin Login component of the Engineers Online Portal is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the General/vehicle/checkup/delete.php component of the Tongda OA automation tool allows a hacker to execute arbitrary SQL code.
The vulnerability of the General/vehicle/checkup/delete.php component of the Tongda OA automation tool for business processes is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
The vulnerability of the editrole.php component in the D-Link DAR-7000 router firmware allows a hacker to execute arbitrary SQL code.
The vulnerability of the editrole.php component in the D-Link DAR-7000 router firmware is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...
The vulnerability of the web platform used for creating ZKBio Access IVS control and access management systems lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.
The vulnerability of the web platform used for creating ZKBio Access IVS access control and management systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
The vulnerability of the watu_exams function (controllers/exam.php) in the Watu Quiz plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the watu_exams function (controllers/exam.php) in the Watu Quiz plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries...
The vulnerability of the EaseProbe tool for checking functionality/status involves a lack of measures to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.
The vulnerability of the EaseProbe tool for checking functionality/status involves a lack of measures taken to protect the SQL query structure during data processing in MySQL/PostgreSQL databases. Exploiting this vulnerability allows attackers to execute arbitrary SQL code...
CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/data_dictionary.py table_list endpoint is passed to the methods that follow in...
CVE-2023-30552 SQL injection in sql/instance.py endpoint in Archery - GHSL-2022-101
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sql/instance.py endpoint's describe method. In several cases, user...
WEBY 1.2.5 Cross Site Request Forgery
Title : WEBY v.1.2.5 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.132-bit | Vendor :...
PT-2022-24930 · Metabase · Metabase
Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Description: The issue concerns the automatic execution of unsaved SQL queries, which could pose a possible attack vector. Metabase has addressed th...
The vulnerability of the /student/bookdetails.php component of the Library Management System allows a malicious user to execute arbitrary SQL queries.
The vulnerability of the /student/bookdetails.php component of the Library Management System relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
KB5014351 - Description of the security update for SQL Server 2016 SP2 CU17: June 14, 2022
Summary: An authenticated attacker could affect SQL Server memory when executing a...
The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the Web interface for managing the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries...
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...
The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the downloadLogFiles function in the industrial food industry management server application AK-EM 800 allows a hacker to execute arbitrary SQL queries.
The vulnerability of the downloadLogFiles function in the industrial food industry management server application AK-EM 800 relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries through the...
Banking System SQL Injection Vulnerability
Banking System is a simple banking system project by Carlo Montero, an individual developer. It is used to manage bank customers' accounts and process basic customer transactions. A security vulnerability exists in Banking System that originates from allowing arbitrary SQL commands to be executed via...