CVE-2022-23510 SQL injection in cube-js
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
SQL injection
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php...
CVE-2022-44378
Automotive Shop Management System v1.0 is vulnerable to SQL injection via /asms/classes/Master.php?f=delete_mechanic...
CVE-2022-44378
The CVE-2022-44378 entry pertains to Automotive Shop Management System v1.0 and describes an SQL injection vulnerability exploitable via /asms/classes/Master.php?f=delete_mechanic. Connected sources consistently identify a lack of input validation in the Master.php endpoint, enabling attackers to...
PT-2022-27201 · Unknown · Automotive Shop Management System
Name of the Vulnerable Software and Affected Versions: Automotive Shop Management System version 1.0. Description: The issue concerns a SQL injection vulnerability in the Automotive Shop Management System. The vulnerability can be exploited via the /asms/classes/Master.php?f=delete_mechanic API endpoint...
CVE-2021-38732
SEMCMS SHOP v1.1 is vulnerable to SQL injection via AntMessage.php...
Design/Logic Flaw
SEMCMS SHOP v1.1 is vulnerable to SQL injection via AntMessage.php...
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
...
Online Notice Board 2022 SQL injection Vulnerability
Title: ONLINE-NOTICE-BOARD-2022 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/razormist Software: https://www.sourcecodester.com/php/14317/online-notice-board-system.html Reference:...
PT-2022-5984 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon, affected versions not specified. Description: The issue is related to the lack of protection for the SQL query structure in Centreon, a software for monitoring IT infrastructure. This could allow a remote attacker to execute arbitrary...
CVE-2022-34953
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php...
CVE-2022-34006
An issue was discovered in TitanFTP aka Titan FTP NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT...
Sourcecodester Baby Care System SQL injection vulnerability (CNVD-2022-35531)
Sourcecodester Baby Care System is an application from the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability originating in /admin/inbox.php & action=delete & msgid=, where the msgid parameter lacks validation of external...
Mageia: Security Advisory (MGASA-2022-0111)
The remote host is missing an update for the ...
RHEL 8 : cyrus-sasl (RHSA-2022:0730)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0730 advisory. The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication...
SUSE SLES11 Security Update : cyrus-sasl (SUSE-SU-2022:14894-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:14894-1 advisory. - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. CVE-2022-24407...
USN-5301-2: Cyrus SASL vulnerability
USN-5301-1 fixed a vulnerability in Cyrus. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrar...
Design/Logic Flaw
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database...