PostgreSQL SQL Injection Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A SQL injection vulnerability exists in PostgreSQL versions 9.4...

SaltStack Salt MySQL Module SQL Injection Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A SQL injection vulnerability exists in the SaltStack Salt MySQL module. The vulnerability stems from a lack of validation of externally...

Input validation

An issue was discovered in the D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL...

Harmis JE Messenger Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source, cross-platform content management system CMS developed by the Open Source Matters team in the United States using PHP and MySQL. Harmis JE Messenger component is used in one of the personal messaging components, which supports incoming and outgoing e-mail and online...

CVE-2019-9204

SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...

CVE-2017-18362

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all...

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/asqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...

CVE-2018-16803

In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code...

Directory Traversal Vulnerability in Changchun Lingzhan Software Company's College Academic Affairs Management System v6.0

Changchun Lingzhan Software Co., Ltd. is a high-tech enterprise specializing in the development and sale of application software for the education industry. A directory traversal vulnerability exists in the Changchun Lingzhan Software Co. An attacker can exploit the vulnerability by traversing th...

youke365 SQL Injection Vulnerability

youke365 is an open source navigation management system. The admin/login.html page in version 1.1.5 of youke365 suffers from a SQL injection vulnerability that can be exploited by remote attackers to execute arbitrary SQL commands...

Wordpress Arigato Autoresponder and Newsletter SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.Arigato Autoresponder and Newsletter is an autoresponder plugin that is used in... A SQL injection vulnerability exists in Wordpress...

Multiple Vulnerabilities in MySQL Smart Reports 'id'

MySQL Smart Reports is a complete solution for generating reports using existing MySQL databases. An attacker can exploit this vulnerability to execute arbitrary SQL commands. A SQL injection and cross-site scripting vulnerability exists in MySQL Smart Reports 'id'. An attacker can exploit this...

MySQL Blob Uploader 'home-filet-edit.php' SQL Injection Vulnerability

MySQL Blob Uploader is a database file upload script. MySQL Blob Uploader 'home-filet-edit.php' suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

CVE-2018-10351

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRegistration2 class. Authentication is required to exploit this vulnerability...

CVE-2018-10352

A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formConfiguration class. Authentication is required to exploit this vulnerability...

ProjectPier PHP Remote File Inclusion Vulnerability

Project Pier is a free open source project management system . A PHP remote file inclusion vulnerability exists in the public/patch/patch.php file in Project Pier 0.8.8 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands or SQL statements with the...

phpMyAdmin Cross Site Request Forgery

Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...

DEBIAN-CVE-2018-10188

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...

CVE-2018-10188

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...

CSRF vulnerability allowing arbitrary SQL execution

PMASA-2018-2 Announcement-ID: PMASA-2018-2 Date: 2018-04-17 Summary CSRF vulnerability allowing arbitrary SQL execution Description By deceiving a user to click on a crafted URL, it is possible for an attacker to execute arbitrary SQL commands. Severity We consider this vulnerability to be...