1174 matches found
Use-After-Free
MariaDB is vulnerable to use-after-free. The vulnerability exists in Binary_string::free_buffer of sql_string.h, which allows an attacker to cause a crash via specially crafted SQL statements...
GHSA-7FF4-CV53-4CJQ phpMyAdmin SQL injection vulnerability
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...
CVE-2022-22495
IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941...
FreeBSD : MariaDB -- Multiple vulnerabilities (04fecc47-dad2-11ec-8fbd-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 04fecc47-dad2-11ec-8fbd-d4c9ef517024 advisory. The MariaDB project reports: MariaDB fixed 23 vulnerabilities across all supported versions...
Slackware Linux 15.0 / current mariadb Multiple Vulnerabilities (SSA:2022-141-01)
The version of mariadb installed on the remote host is prior to 10.5.16 / 10.6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-141-01 advisory. New mariadb packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted...
Online Sports Complex Booking System SQL injection vulnerability (CNVD-2022-58677)
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, an individual developer. Version 1.0 of Online Sports Complex Booking System is vulnerable to SQL injection, which originates in scbs/classes/Master.php?f=delete, the id parameter of the POST request lacks...
Online Sports Complex Booking System SQL injection vulnerability (CNVD-2022-58670)
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, an individual developer. page=user/manageuser&id= lacks validation of external input SQL statements, which can be exploited to execute illegal SQL commands to steal sensitive database data...
Online Sports Complex Booking System SQL injection vulnerability (CNVD-2022-58668)
Online Sports Complex Booking System is an online stadium booking system by Carlo Montero, an individual developer. page=clients/manageclient&id= lacks validation of external input SQL statements, which could be exploited to execute illegal SQL commands to steal sensitive database data...
CVE-2022-27380
A flaw was found in MariaDB. The component, my_decimal::operator=, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...
CVE-2022-27377
A flaw was found in the MariaDB Server, where it contains a use-after-free in the component, Item_func_in::cleanup. This issue is exploited via specially crafted SQL statements, affecting availability...
CVE-2022-27376
A use-after-free flaw was found in MariaDB. The MariaDB Server contains a use-after-free in the component, Item_args::walk_arg, which is exploited via specially crafted SQL statements, affecting availability...
CVE-2022-29603
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
SQL injection
A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint such as /api/students/me/messages/ to, for example, retrieve personal...
Sourcecodester Baby Care System SQL injection vulnerability (CNVD-2022-35527)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in the find= parameter of...
Sourcecodester Baby Care System SQL injection vulnerability (CNVD-2022-35532)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability that originates from the lack of validation of external input SQL statements in the setid parameter in...
Sourcecodester Baby Care System SQL injection vulnerability (CNVD-2022-35528)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from the lack of validation of external input SQL statements in the roleid parameter in /admin/pagerole.php...
Sourcecodester Baby Care System SQL injection vulnerability (CNVD-2022-35531)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability that originates in /admin/inbox.php&action=delete&msgid= where the msgid parameter lacks validation for external...
Sourcecodester Baby Care System SQL injection vulnerability (CNVD-2022-35530)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability that originates in /admin/inbox.php&action=read&msgid= where the msgid parameter lacks validation for external...
MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
...