1174 matches found
Sql injection
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the sid parameter to edit-sub.php...
Sql injection
SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php...
Sql injection
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php...
CVE-2021-26764
SQL injection vulnerability in PHPGurukul Student Record System v 4.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit-std.php...
CVE-2021-26762
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php...
Security update for sqlite3 (important)
openSUSE Security Update: Security update for sqlite3 Announcement ID: openSUSE-SU-2021:1058-1 Rating: important References: 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164719 1172091 1172115 1172234 1172236 1172240 1173641 928700 928701...
CVE-2021-29730
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164...
PT-2021-7496 · Mariadb +10 · Mariadb Server +10
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions prior to 10.6 Description: The issue is related to the component Item subselect::init expr cache tracker in MariaDB Server, which fails to protect the SQL query structure. This allows a remote attacker to cause a Denia...
Amazon Linux 2 : postgresql (ALAS-2021-1665)
The version of postgresql installed on the remote host is prior to 9.2.24-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1665 advisory. A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER...
WordPress side buttons plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress side buttons plugin prior to version 3.1.5. The...
WordPress Video Embed plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Vide...
emlog SQL Injection Vulnerability
emlog is a powerful blog and CMS builder based on PHP and MySQL. A SQL injection vulnerability exists in emlog version 6.0.0-stable. An attacker can exploit this vulnerability to execute arbitrary SQL statements and query sensitive server data via admin/navbar.php?action=addpage...
CVE-2020-4990
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710...
Sql injection
In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...
CVE-2021-31827
In Progress MOVEit Transfer before 2021.0 13.0, a SQL injection vulnerability has been found in the MOVEit Transfer web app that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server...
ERPNext 12.18.0 / 13.0.0 SQL Injection Vulnerability
Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta Vendor: Frappé Technologies https://frappe.io Credits: Trovent...
SQL Injection
storage-jdbc-hikaricp-plugin is vulnerable to SQL injection. The wildcard query cases when using H2/MySQL/TiDB allows an attacker to inject and execute arbitrary SQL statements...
TikiWiki Project SQL Injection (CVE-2004-1925)
An SQL injection vulnerability exists in TikiWiki Project. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
CVE-2021-30459
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...
Sql injection
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the rawsql input field of the SQL explain, analyze, or select form...