1174 matches found

NVD
added 2023/03/21 5:15 p.m., 12 views

CVE-2023-25684

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597...

CVSS 9.8, AI score 8.1, EPSS 0.00224
Exploits: 0, References: 2

Prion
added 2023/03/21 5:15 p.m., 11 views

Sql injection

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597...

CVSS 7.5, AI score 9.3, EPSS 0.00224
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2023/03/20 12:0 a.m., 24 views

CBL Mariner 2.0 Security Update: mariadb (CVE-2022-27376)

The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-27376 advisory. - MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component...

CVSS 7.5, AI score 8, EPSS 0.00323
Exploits: 1, References: 2

Tenable Nessus
added 2023/03/20 12:0 a.m., 36 views

CBL Mariner 2.0 Security Update: mariadb (CVE-2022-27377)

The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-27377 advisory. - MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component...

CVSS 7.5, AI score 8, EPSS 0.00323
Exploits: 1, References: 2

Hacker One
added 2023/03/06 5:55 p.m., 34 views

HackerOne: SQL Injection in CVE Discovery Search

Unsanitized user-controlled inputs in the CVE Discovery Search allowed for SQL injection, which could lead to the disclosure of data in the Analytics Database, including report, team, and asset data...

AI score 7.6
Exploits: 0

SUSE CVE
added 2023/02/15 6:7 a.m., 1 views

SUSE CVE-2008-3963

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement...

CVSS 4, AI score 7.3, EPSS 0.05418
Exploits: 1, References: 6

SUSE CVE
added 2023/02/15 3:26 a.m., 2 views

SUSE CVE-2022-27379

An issue in the component Argcomparator::comparerealfixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

CVSS 7.1, AI score 8.5, EPSS 0.00217
Exploits: 1, References: 10

SUSE CVE
added 2023/02/15 3:26 a.m., 1 views

SUSE CVE-2022-27387

MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimalbinsize, which is exploited via specially crafted SQL statements...

CVSS 7, AI score 8.9, EPSS 0.00245
Exploits: 1, References: 12

CNVD
added 2022/11/30 12:0 a.m., 20 views

WordPress HTML Forms plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 7.2, AI score 7, EPSS 0.40298
Exploits: 2, References: 1

CNVD
added 2022/11/30 12:0 a.m., 18 views

WordPress OWM Weather plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 8.8, AI score 9, EPSS 0.00746
Exploits: 2, References: 1

RedhatCVE
added 2022/11/29 9:56 p.m., 62 views

CVE-2022-45931

A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. This may allow a malicious user to execute arbitrary sql...

CVSS 6.8, AI score 3.5, EPSS 0.0019
Exploits: 0, References: 5

RedhatCVE
added 2022/11/29 9:56 p.m., 27 views

CVE-2022-45932

A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. This may allow a malicious user to execute arbitrary sql...

CVSS 6.8, AI score 3.4, EPSS 0.0019
Exploits: 1, References: 5

RedhatCVE
added 2022/11/29 9:26 p.m., 33 views

CVE-2022-45930

A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. This may allow a malicious user to execute arbitrary sql...

CVSS 6.8, AI score 3.5, EPSS 0.00204
Exploits: 1, References: 5

Veracode
added 2022/11/22 8:36 a.m., 17 views

SQL Injection

silverstripe/framework is vulnerable to SQL Injection. The vulnerability exists in the getManipulatedData function in GridFieldSortableHeader.php where an attacker with CMS access could execute arbitrary SQL statements...

CVSS 8.8, AI score 8.8, EPSS 0.00292
Exploits: 0, References: 7, Affected Software: 1

CNVD
added 2022/11/13 12:0 a.m., 20 views

IBM DB2 Denial of Service Vulnerability (CNVD-2022-78139)

IBM DB2 is a relational database management system from International Business Machines (IBM) of the United States. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial-of-service vulnerability exists in IBM DB2 versions 9.7, 10.1, 10.5, 11.1, and 11.5. An...

CVSS 6.5, AI score 4.7, EPSS 0.00671
Exploits: 0, References: 1

Tenable Nessus
added 2022/10/27 12:0 a.m., 36 views

EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2022-2624)

According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component mystrcasecmp8bit, which is exploited via specially...

CVSS 7.5, AI score 8.1, EPSS 0.00238
Exploits: 2, References: 3

Vulnrichment
added 2022/10/25 12:0 a.m., 10 views

CVE-2022-3395 WP All Export Pro < 1.7.9 - Authenticated SQLi

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

AI score 8.9, EPSS 0.00679
Exploits: 2, References: 1

OpenVAS
added 2022/10/12 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for mariadb (EulerOS-SA-2022-2573)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9, AI score 7.4, EPSS 0.48947
Exploits: 32, References: 2

CNVD
added 2022/09/28 12:0 a.m., 16 views

Wedding Planner package_detail.php SQL Injection Vulnerability

Wedding Planner is a wedding planner program. Designed to provide users with an easy way to plan their wedding through a web application while using real data. Wedding Planner v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the id parameter in...

CVSS 9.8, AI score 9.8, EPSS 0.00264
Exploits: 1, References: 1

Prion
added 2022/09/19 2:15 p.m., 8 views

Sql injection

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks...

CVSS 7.5, AI score 9.8, EPSS 0.04392
Exploits: 2, References: 1, Affected Software: 1