CVE-2024-25517
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx...
CVE-2024-25510
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/addresspublicshow.aspx...
CVE-2024-33147
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the authRoleList function...
CVE-2024-25509
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sysfilestorageid parameter at /WorkFlow/wffiledownload.aspx...
CVE-2024-25511
CVE-2024-25511 affects RuvarOA v6.01 and v12.01, where an SQL injection can be triggered via the id parameter in /AddressBook/address_public_new.aspx. The underlying issue is lack of validation of external SQL statements, enabling attackers to execute arbitrary SQL commands and potentially access...
CVE-2024-3457 Netentsec NS-ASG Application Security Gateway config_ISCGroupNoCache.php sql injection
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/configISCGroupNoCache.php. The manipulation of the argument GroupId leads to SQL injection. It is possible to initiate the attack remotely. T...
CVE-2024-30863
CVE-2024-30863 affects netentsec NS-ASG 6.3. The vulnerability is an SQL injection in the /WebPages/history.php endpoint. CVSS 3.1 base score 6.3 (Network, High attack complexity, Low privileges, No user interaction). Impact is integrity loss, with confidentiality/availability not affected per th...
CVE-2024-25891
ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...
CVE-2024-24004
jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail function of jshERP does not filter column and order parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection...
SQL injection
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
CVE-2023-5709
The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2023-29047
The CVE-2023-29047 entry concerns Open-Xchange App Suite’s Imageconverter API endpoints, where input validation and sanitization were insufficient, allowing SQL injection. Affected software component: Imageconverter API endpoints (Open-Xchange App Suite). Root cause: inadequate client input valid...
CVE-2023-45381
In the module "Creative Popup" creativepopup up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via cpdownloadpopup...
CVE-2023-43794 SQL Injection in nocodb
Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...
CVE-2023-45386
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via extratabspro::searchcategory, extratabspro::searchproduct and extratabspro::searchmanufacturer...
CVE-2023-30154
Multiple improper neutralization of SQL parameters in module AfterMail aftermailpresta for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via idcustomer, idconf, idproduct and token parameters in aftermailajax.php via the 'idproduct' parameter in hooks...
CVE-2015-10126 Easy2Map Photos Plugin sql injection
A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to SQL injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified ...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2023-004)
The version of postgresql installed on the remote host is prior to 13.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL13-2023-004 advisory. In the extension script, a SQL injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or...
CVE-2023-41539
phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter...
CVE-2023-39652
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run...