1417 matches found
SQLite has an unspecified vulnerability (CNVD-2022-18011)
SQLite is a lightweight relational database management system that adheres to ACID. SQLite3 versions 3.35.1 and 3.37.0 contain a security vulnerability that can be exploited by attackers to query records and leak subsequent memory bytes beyond the record to obtain sensitive informatio...
CVE-2021-45346
CVE-2021-45346 : SQLite3 (SQLite project) versions 3.35.1 and 3.37.0 are reported to have a memory-leak vulnerability triggered by maliciously crafted SQL queries (via editing the database file). The flaw could allow leaking memory beyond the queried record, potentially exposing sensitive informa...
EulerOS Virtualization 3.0.6.0 : sqlite (EulerOS-SA-2022-1095)
According to the versions of the sqlite packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo functi...
CVE-2022-23320
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...
MartDevelopers Iresturant SQL injection vulnerability
MartDevelopers Iresturant is an open source lightweight restaurant ERP from MartDevelopers Kenya, used to integrate social restaurant operations into one system. A SQL injection vulnerability exists in MartDevelopers iResturant v1.0, which stems from adding this when viewing a reservation view...
PT-2022-1611 · Mariadb +10 · Mariadb +11
Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...
PT-2022-1638 · Mariadb +10 · Mariadb +11
Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...
Apache Kylin Input Validation Error Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides a SQL query interface on top of Hadoop/Spark, multi-dimensional OLAP analysis and other functions. Apache Kylin has an input validation error vulnerability, which stems from...
Apache Kylin server-side request forgery vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides a SQL query interface on top of Hadoop/Spark, multi-dimensional OLAP analysis and other functions. Apache Kylin has a server-side request forgery vulnerability, which ste...
UBUNTU-CVE-2022-21664
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...
CVE-2021-44874
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report modul...
CVE-2021-44874
CVE-2021-44874 affects Dalmark Systems Systeam 2.22.8 build 1724. The issue is an insecure design in the BI report module, where the endpoint exposes direct SQL commands via POST data to assemble reports. This allows an authenticated user to submit a SQL prompt to the BI reporting endpoint, enabl...
CVE-2021-3860
JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...
CVE-2020-18081
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...
Design/Logic Flaw
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...
CVE-2020-18081
The CVE-2020-18081 entry concerns SEMCMS 3.8, where the checkuser function is vulnerable to an access-control/SQL query flaw that can disclose plaintext passwords. The vulnerability allows an attacker to obtain passwords via a crafted SQL query, with network access and no authentication required ...