1304 matches found

Prion
added 2022/11/28 1:15 p.m. | 16 views

Sql injection

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVSS 7.5 | AI score 9.7 | EPSS 0.01392
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2022/11/28 3:57 a.m. | 16 views

SQL Injection

jeecg-boot-base-core is vulnerable to sql injection. The vulnerability exists because the filterContent function of SqlInjectionUtil.java does not properly replace the value parameter, allowing an attacker to inject and execute malicious SQL queries...

CVSS 9.8 | AI score 9.7 | EPSS 0.00766
Exploits: 1 | References: 4 | Affected Software: 1
CNVD
added 2022/11/23 12:0 a.m. | 18 views

WordPress My wpdb plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8 | AI score 9 | EPSS 0.00425
Exploits: 2 | References: 1
BDU FSTEC
added 2022/11/22 12:0 a.m. | 4 views

The vulnerability of the Create_tmp_table::finalize component of the MariaDB database, which allows a hacker to trigger a service failure.

The vulnerability of the Create_tmp_table::finalize component in the MariaDB database lies in the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to trigger service failures through a specially crafted SQL query...

CVSS 7.8 | AI score 7.5 | EPSS 0.02293
Exploits: 1 | References: 10 | Affected Software: 6
Veracode
added 2022/11/10 1:49 a.m. | 17 views

Regular Expression Denial Of Service (ReDoS)

snowflake-connector-python is vulnerable to regular expression denial of service. The vulnerability is due to the getfiletransfertype function in cursor.py which does not properly validate the SQL queries, allowing an attacker to crash the application by providing a malicious input...

CVSS 7.5 | AI score 7.4 | EPSS 0.00816
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2022/11/04 3:18 a.m. | 64 views

Information Disclosure

OpenCart is vulnerable to information disclosure. The vulnerability exists in multiple functions of backup.php, allowing an attacker to obtain database information or read server files by injecting and executing malicious SQL queries...

CVSS 4.9 | AI score 5.5 | EPSS 0.00726
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2022/11/02 8:23 a.m. | 14 views

SQL Injection

github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8 | AI score 9.2 | EPSS 0.02241
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2022/11/02 8:11 a.m. | 15 views

SQL Injection

github.com/ibax-io/go-ibax is vulnerable to SQL injection. The vulnerability exists in the GetRowsInfo function of database.go due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8 | AI score 9.2 | EPSS 0.30082
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2022/10/28 2:15 a.m. | 9 views

CVE-2021-36206

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries...

CVSS 10 | EPSS 0.00422
Exploits: 0 | References: 2
Prion
added 2022/10/28 2:15 a.m. | 11 views

Authentication flaw

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries...

CVSS 5.8 | AI score 6.6 | EPSS 0.00422
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/10/28 1:17 a.m. | 14 views

CVE-2021-36206 CEVAS

All versions of CEVAS prior to 1.01.46 do not sufficiently validate user-controllable input and could allow a user to bypass authentication and retrieve data with specially crafted SQL queries...

CVSS 10 | AI score 9.9 | EPSS 0.00422
Exploits: 0 | References: 2
Prion
added 2022/10/27 9:15 p.m. | 15 views

Sql injection

The affected product DIAEnergie versions prior to v1.9.01.002 is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries...

CVSS 6.5 | AI score 8.8 | EPSS 0.07686
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/10/27 8:15 p.m. | 6 views

CVE-2022-41133 Delta Electronics DIAEnergie

The affected product DIAEnergie versions prior to v1.9.01.002 is vulnerable to a SQL injection that exists in GetDIAElinemessagesettingsListParameters. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries...

CVSS 8.8 | AI score 8.9 | EPSS 0.26572
Exploits: 0 | References: 1
NVD
added 2022/10/26 7:15 p.m. | 31 views

CVE-2022-39362

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

CVSS 8.8 | EPSS 0.0079
Exploits: 0 | References: 2
OSV
added 2022/10/26 12:0 a.m. | 27 views

CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

CVSS 8.8 | AI score 8.6 | EPSS 0.0079
Exploits: 0 | References: 4
Cvelist
added 2022/10/26 12:0 a.m. | 21 views

CVE-2022-39361 Metabase vulnerable to Remote Code Execution via H2

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

CVSS 8.8 | AI score 9.2 | EPSS 0.00967
Exploits: 0 | References: 1
Cvelist
added 2022/10/26 12:0 a.m. | 37 views

CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

CVSS 8.8 | AI score 8.9 | EPSS 0.0079
Exploits: 0 | References: 2
NVD
added 2022/10/13 11:15 p.m. | 15 views

CVE-2022-39303

Ree6 is a moderation bot. This vulnerability allows manipulation of SQL queries. This issue has been patched in version 1.7.0 by using Java's PreparedStatements, which allow object setting without the risk of SQL injection. There are currently no known workarounds...

CVSS 9.8 | EPSS 0.00704
Exploits: 0 | References: 2
BDU FSTEC
added 2022/10/12 12:0 a.m. | 6 views

The vulnerability of software for centralized device management in the Zyxel Cloud network lies in the lack of protective measures for SQL query structures, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the software for centralized device management in the Zyxel Cloud network is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information through MySQL queries lik...

CVSS 5.3 | AI score 6 | EPSS 0.00952
Exploits: 1 | References: 3 | Affected Software: 1
Zero Day Initiative
added 2022/10/07 12:0 a.m. | 25 views

Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

CVSS 7.2 | AI score 1.7 | EPSS 0.76134
Exploits: 0 | References: 1