
1135 matches found

RedHat Linux
added 2021/02/17 1:40 p.m. · 2 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

CVSS 7.4 · AI score 7.2 · EPSS 0.00676
Exploits 0 · References 4
NCSC
added 2021/02/17 12:00 a.m. · 4 views

Vulnerabilities fixed in ClearPass Policy Manager

Vulnerabilities have been fixed in ClearPass Policy Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Cross-Site Scripting (XSS), remote code execution, administrator/root rights, SQL injection, increased user...

CVSS 9 · AI score 7.7 · EPSS 0.03594
Exploits 2
CNNVD
added 2021/02/15 12:00 a.m. · 3 views

SourceCodester user area for Library System SQL Injection Vulnerability

SourceCodester user area for Library System is a library management system from SourceCodester, Inc. A SQL injection vulnerability exists in the SourceCodester user area for Library System, which arises from a lack of validation of externally-entered SQL statements in database-based applications...

CVSS 9.8 · AI score 7.4 · EPSS 0.00159
Exploits 1 · References 2
OSV
added 2021/02/12 9:15 p.m. · 2 views

CVE-2021-26751

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 1
NCSC
added 2021/01/21 12:00 a.m. · 9 views

Vulnerabilities fixed in Oracle Communications

Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: denial of service (DoS), circumvention of security measures, SQL injection, accessing sensitive data, accessing...

CVSS 9.8 · AI score 7.8 · EPSS 0.63828
Exploits 6
Positive Technologies
added 2021/01/20 12:00 a.m. · 3 views

PT-2021-1831 · Cisco · Cisco Unified Communications Manager Im & Presence Service +2

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), affected versions not specified; Cisco Unified Communications Manager (Unified CM), affected versions not specified; Cisco Unified Communications Manager Session Management...

CVSS 6.8 · AI score 7.1 · EPSS 0.0036
Exploits 0 · References 4
CNNVD
added 2021/01/20 12:00 a.m. · 2 views

Cisco Data Center Network Manager SQL Injection Vulnerability

Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...

CVSS 8.8 · AI score 7.2 · EPSS 0.00715
Exploits 0 · References 5
CNNVD
added 2021/01/07 12:00 a.m. · 4 views

Sourcecodester Restaurant Reservation System SQL Injection Vulnerability

Sourcecodester Restaurant Reservation System is a PHP-based restaurant reservation system by the individual developer of Sourcecodester. A security vulnerability in Restaurant Reservation System 1.0 allows remote, authenticated attackers to execute arbitrary SQL commands via the date parameter in...

CVSS 8.8 · AI score 7.6 · EPSS 0.0039
Exploits 0 · References 3
CNVD
added 2021/01/03 12:00 a.m. · 1 view

Egavilanmedia User Registration & Login System SQL Injection Vulnerability

Egavilanmedia User Registration & Login System is a management platform for user registration and login from Egavilanmedia, USA. A SQL injection vulnerability exists in EGavilanMedia User Registration and Login System With Admin Panel version 1.0, which stems from a lack of validation of external...

CVSS 7.5 · AI score 8 · EPSS 0.0047
Exploits 1 · References 1
CNVD
added 2020/12/25 12:00 a.m. · 2 views

SourceCodester Online Library Management System SQL Injection Vulnerability

SourceCodester Online Library Management System is an online library management system from SourceCodester, Inc. in the United States. A SQL injection vulnerability exists in SourceCodester Online Library Management System 1.0, which allows an attacker to bypass user authentication and emulate...

CVSS 9.8 · AI score 8.4 · EPSS 0.00842
Exploits 2 · References 1
RedHat Linux
added 2020/11/30 5:29 p.m. · 3 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

CVSS 7.4 · AI score 7.2 · EPSS 0.00676
Exploits 0 · References 4
RedHat Linux
added 2020/11/23 1:35 p.m. · 3 views

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...

CVSS 7.4 · AI score 7.2 · EPSS 0.00676
Exploits 0 · References 4
OSV
added 2020/11/17 7:15 p.m. · 1 view

CVE-2020-28138

SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php...

CVSS 9.8 · AI score 7.4 · EPSS 0.00419
Exploits 1 · References 2
CNVD
added 2020/11/06 12:00 a.m. · 2 views

SQL Injection Vulnerability in Taiwan Billionaire Web Design Company's Website Building System

Taiwan Billion Web Design is a web design company. A SQL injection vulnerability exists in the web design system of Taiwan Billion Web Design Company, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.6
Exploits 0
NCSC
added 2020/10/30 12:00 a.m. · 4 views

Vulnerabilities fixed in QNAP QTS

Vulnerabilities have been fixed in QNAP QTS, Music Station and Photo Station. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Cross-Site Scripting (XSS), remote code execution, user rights, SQL injection, access to system data. QNAP has...

CVSS 9.8 · AI score 7.5 · EPSS 0.03358
Exploits 0
CNVD
added 2020/10/28 12:00 a.m. · 1 view

Five Fingers CMS suffers from SQL injection vulnerability (CNVD-2020-62401)

Five Fingers CMS is an open source content management system that supports LNAMP architecture. Five Fingers CMS has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive data...

AI score 8
Exploits 0
CNVD
added 2020/09/30 12:00 a.m. · 5 views

MetInfo SQL Injection Vulnerability (CNVD-2021-05409)

MetInfo is a CMS site-building system built on a PHP + MySQL architecture; it is very SEO-friendly, full-featured, supports multiple languages and responsive display, and is well suited to building business and corporate websites. MetInfo 7.0.0 beta has a SQL injection vulnerability. Attackers can...

CVSS 9.8 · AI score 8.1 · EPSS 0.00546
Exploits 1 · References 1
OSV
added 2020/09/18 5:15 p.m. · 1 view

CVE-2020-24623

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware ESXi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V VHD...

CVSS 6.5 · AI score 6.5
Exploits 0 · References 2
Gitee
added 2020/08/26 3:37 p.m. · 1 view

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but it appears to be a collection of vulnerable environments based on Docker-Compose. The vulnerability class/vector is not specified, but it likely involves we...

AI score 8.1
Exploits 0
OSV
added 2020/08/26 2:15 p.m. · 2 views

CVE-2020-24315

Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statements passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database...

CVSS 7.5 · AI score 7.2 · EPSS 0.00775
Exploits 1 · References 2