SUSE CVE-2020-2240

A cross-site request forgery CSRF vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...

CVE-2022-45889

Planet eStream before 6.72.10.07 allows a remote attacker who is a publisher or admin to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search the StatisticsResults.aspx flt parameter...

CVE-2022-45889

Planet eStream

CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote SQL execution due to PostgreSQL (CVE-2022-1552)

Summary There is a vulnerability in PostgreSQL used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-1552 DESCRIPTION: PostgreSQL remote authenticated attacker to bypass...

WUZHI CMS SQL注入漏洞

WUZHI CMS is a PHP and MySQL-based open source content management system CMS from WUZHI. v4.1.0 of WUZHI CMS is vulnerable to SQL injection, which can be exploited to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. parameter in...

WordPress plugin Export any WordPress data to XML/CSV SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

GHSA-JF9J-HX2J-M9XH CSRF vulnerability in Jenkins Database Plugin

Database Plugin 1.6 and earlier does not require POST requests for the database console, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to execute arbitrary SQL scripts. Database Plugin 1.7 removes the database console...

ED01-CMS SQL注入漏洞

Ed01-Cms is a Cms project in the Udemy course. version 20180505 of ED01-CMS is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in post.php. An attacker could use this vulnerability to execute illegal SQL commands to steal...

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2021-27464

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

CLSA-2022-1646061219 Fixed CVE-2022-24407 in cyrus-sasl

CVE-2022-24407: Fix failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands...

[SECURITY] Fedora 35 Update: phpMyAdmin-5.1.3-1.fc35

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and i...

CVE-2021-41659

SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field...

Online Reviewer System SQL注入漏洞

Online Reviewer System is a software application. An Online Reviewer System. A SQL injection vulnerability exists in Online Reviewer System, which originates from the product's password parameter not effectively filtering user input data for special characters. The vulnerability can be exploited ...

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

CVE-2021-40842

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...