
1174 matches found

CNVD
added 2025/08/10 12:0 a.m. | 2 views

Wazifa System updatesettings.php file SQL injection vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Password in the file /controllers/updatesettings.php. An attacker can use this vulnerability to...

9.8 CVSS | 8 AI score | 0.00204 EPSS
Exploits 1 | References 1
NVD
added 2025/08/05 1:15 a.m. | 8 views

CVE-2025-54119

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...

10 CVSS | 0.00395 EPSS
Exploits 0 | References 4
Veracode
added 2025/08/04 6:4 a.m. | 2 views

SQL Injection

eKuiper is vulnerable to SQL Injection. The vulnerability is due to failure to sanitize user-controlled table name input in the getLast API, allowing unauthenticated attackers to execute arbitrary SQL statements...

8.3 AI score
Exploits 0
OSV
added 2025/07/31 5:52 a.m. | 2 views

BIT-SQLITE-2025-7458 SQLite integer overflow in key info allocation may lead to information disclosure.

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a...

9.1 CVSS | 7.4 AI score | 0.00204 EPSS
Exploits 0 | References 3
NVD
added 2025/07/29 1:15 p.m. | 3 views

CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a...

9.1 CVSS | 0.00204 EPSS
Exploits 0 | References 2
Cvelist
added 2025/07/29 12:43 p.m. | 8 views

CVE-2025-7458 SQLite integer overflow in key info allocation may lead to information disclosure.

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a...

6.9 CVSS | 0.00204 EPSS
Exploits 0 | References 2
FreeBSD
added 2025/07/29 12:0 a.m. | 3 views

SQLite -- integer overflow in key info allocation

[email protected] reports: An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory v...

9.1 CVSS | 8.2 AI score | 0.00204 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/07/29 12:0 a.m. | 3 views

PT-2025-31202

Name of the Vulnerable Software and Affected Versions: SQLite versions 3.39.2 through 3.41.1. Description: An integer overflow in the sqlite3KeyInfoFromExprList function allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive...

9.1 CVSS | 7.5 AI score | 0.00204 EPSS
Exploits 0 | References 18
CNVD
added 2025/07/07 12:0 a.m. | 1 views

Local Services Search Engine Management System SQL Injection Vulnerability

Local Services Search Engine Management System is a local services search engine management system. Local Services Search Engine Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of the editid parameter in the file...

9.8 CVSS | 8 AI score | 0.00204 EPSS
Exploits 1 | References 1
OSV
added 2025/06/10 11:50 a.m. | 2 views

BIT-MARIADB-MIN-2022-27387

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimalbinsize, which is exploited via specially crafted SQL statements...

7.5 CVSS | 7.5 AI score | 0.00245 EPSS
Exploits 1 | References 4
OSV
added 2025/06/10 11:50 a.m. | 2 views

BIT-MARIADB-MIN-2022-27384

An issue in the component Itemsubselect::initexprcachetracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS | 7.2 AI score | 0.00217 EPSS
Exploits 1 | References 4
OSV
added 2025/06/10 11:50 a.m. | 1 views

BIT-MARIADB-MIN-2022-27381

An issue in the component Field::setdefault of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS | 7.2 AI score | 0.00217 EPSS
Exploits 1 | References 4
OSV
added 2025/06/10 11:50 a.m. | 4 views

BIT-MARIADB-MIN-2022-27380

An issue in the component mydecimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS | 7.2 AI score | 0.00295 EPSS
Exploits 1 | References 4
OSV
added 2025/06/10 11:50 a.m. | 2 views

BIT-MARIADB-MIN-2022-27379

An issue in the component Argcomparator::comparerealfixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS | 7.2 AI score | 0.00217 EPSS
Exploits 1 | References 4
OSV
added 2025/06/10 11:50 a.m. | 2 views

BIT-MARIADB-MIN-2022-27378

An issue in the component Createtmptable::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS | 7.2 AI score | 0.00217 EPSS
Exploits 1 | References 4
OSV
added 2025/06/10 11:49 a.m. | 3 views

BIT-MARIADB-MIN-2022-27377

MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Itemfuncin::cleanup, which is exploited via specially crafted SQL statements...

7.5 CVSS | 7.3 AI score | 0.00323 EPSS
Exploits 1 | References 4
CNNVD
added 2025/05/27 12:0 a.m. | 1 views

PHPGurukul Small CRM Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aremark in the file /admin/manage-tickets.php. An attacker can exploit this vulnerability ...

7.5 CVSS | 8.1 AI score | 0.0015 EPSS
Exploits 1 | References 5
RedhatCVE
added 2025/05/23 7:29 a.m. | 3 views

CVE-2024-57618

An issue in the bindcolexp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS | 7.4 AI score | 0.00206 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:29 a.m. | 4 views

CVE-2024-57626

An issue in the matjoin2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS | 7.4 AI score | 0.00166 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:2 a.m. | 4 views

CVE-2024-57627

An issue in the gccol component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...

7.5 CVSS | 7.4 AI score | 0.00217 EPSS
Exploits 1 | References 1