1174 matches found
SQL Injection
github.com/flyteorg/flyteadmin is vulnerable to SQL Injection. The vulnerability exists because custom SQL statements are not properly handled, which allows an attacker to inject and execute arbitrary SQL queries...
Flyte Admin SQL Injection in List Filters
Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...
GHSA-R847-6W6H-R8G4 Flyte Admin SQL Injection in List Filters
Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...
SQL Injection
An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application...
CVE-2023-29245
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sendi...
SQL Injection
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sendi...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66427)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66416)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
WordPress plugin MultiParcels Shipping For WooCommerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
CVE-2023-26217
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
Design/Logic Flaw
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
CVE-2023-26217 TIBCO EBX Add-ons SQL Injection Vulnerability
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
TIBCO Security Advisory: July 18, 2023 - TIBCO EBX Add-ons - CVE-2023-26217
TIBCO EBX Add-ons SQL Injection Vulnerability. Original release date: July 18, 2023. Last revised: ---. CVE-2023-26217. Source: TIBCO Software Inc. Products Affected: TIBCO EBX Add-ons versions 4.5.17 and below; TIBCO EBX Add-ons versions 5.6.2 and below; TIBCO EBX Add-ons version 6.1.0. The following...
CVE-2023-36370
An issue in the gccol component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36362
An issue in the relsequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36364
An issue in the reldeps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36365
An issue in the sqltranscopykey component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36368
An issue in the csbindubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36363
An issue in the nssdatabaselookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...