CVE-2020-2240

A cross-site request forgery CSRF vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...

CVE-2020-20295

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands...

CVE-2010-1950

SQL injection vulnerability in the Online News Paper Manager comjnewspaper component 1.0 for Joomla!, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the dateinfo parameter to index.php. NOTE: the provenance of this information is unknown; the detail...

CVE-2013-5121

SQL injection vulnerability in PHPFox before 3.6.0 build6 allows remote attackers to execute arbitrary SQL commands via the searchsortby parameter to user/browse/view/...

PT-2025-20843 · Siemens · Desigo Cc

Name of the Vulnerable Software and Affected Versions: Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly...

postgresql:15 security update

An update is available for postgresql, postgres-decoderbufs, module.pgrepack, module.pgaudit, module.postgresql, pgaudit, pgrepack, module.postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RLSA-2024:6001 Important: postgresql:15 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 postgresql: PostgreSQL pgstatsext and pgstatsextexprs lack authorization checks CVE-2024-4317 For more detail...

ROS-20250505-04

The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...

CVE-2025-45021

A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands...

PT-2025-37309

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description Chamilo is a learning management system with an OS Command Injection issue in the /main/cron/lang/check parse lang.php file. Exploitation may allow a remote attacker to execute arbitrary SQL querie...

CVE-2025-22953

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting...

CVE-2024-10901

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...

CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

CVE-2024-10901

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...

CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

CVE-2024-10901

CVE-2024-10901 affects eosphoros-ai/db-gpt. In v0.6.0 (and earlier per OSV entry), the web API POST /api/v1/editor/chart/run allows executing arbitrary SQL without access controls, enabling Arbitrary File Write and potentially Remote Code Execution by writing files such as init .py into Python’s ...

CVE-2024-10835

CVE-2024-10835 affects eosphoros-ai/db-gpt v0.6.0. The web API endpoint POST /api/v1/editor/sql/run allows executing arbitrary SQL without access control, enabling Arbitrary File Write via DuckDB SQL and potentially Remote Code Execution (RCE). Affected component: DB-GPT web API handler for edito...

WordPress Awesome Import & Export plugin license issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

MENNEKES Ladesäule Smart SQL注入漏洞

MENNEKES Ladesäule Smart is a smart charging post from MENNEKES. A SQL injection vulnerability exists in MENNEKES Ladesäule Smart versions prior to 2.15, which stems from an insufficient value neutralization and could lead to the execution of arbitrary SQL commands...