BIT-MARIADB-MIN-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

BIT-MARIADB-MIN-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

BIT-MARIADB-MIN-2022-24050

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

SQL Injection

github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability is due to improper input validation of the role parameter in the /api/artist API endpoint, allowing attackers to inject arbitrary SQL queries...

CVE-2024-11430

The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvnschart2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...

CVE-2023-26454

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

CVE-2023-37372

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database...

CVE-2022-23320

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...

CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...

CVE-2019-19127

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...

CVE-2003-0751

SQL injection vulnerability in passdone.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter...

CVE-2002-2168

SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including functiondescribeitem1.inc.php...

SQL Injection

seaweedfs is vulnerable to SQL injection. The vulnerability is due to improper input sanitization due to unsanitized user input being directly embedded into SQL queries in /abstractsql/abstractsqlstore.go...

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

CVE-2024-23815

The CVE-2024-23815 entry concerns Siemens Desigo CC. Affected: Desigo CC server (all versions) where Installed Clients can reach the server from networks outside a highly protected zone, or only within highly protected zones. Issue: the server fails to authenticate certain client requests, allowi...

ROS-20250505-05

The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...

The vulnerability of the LockSmtpSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the LockSmtpSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...

The vulnerability of the GetActiveConnectionVariables method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the GetActiveConnectionVariables method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromis...

WordPress plugin Frontend Dashboard SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

SAP NetWeaver Buffer Overflow Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. SAP NetWeaver suffers from a buffer overflow vulnerability that stems from improper handling of memory addresses, which could allow an attacker to execute certain forms of SQL queries. An attack...