5734 matches found
CVE-2025-53727
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-49758
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-47954
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-47954
CVE-2025-47954 is a Microsoft SQL Server elevation-of-privilege vulnerability arising from improper neutralization of special elements in SQL commands (SQL injection). It affects SQL Server components where an attacker, leveraging network access and with low privileges, can achieve total privileg...
CVE-2025-49759
CVE-2025-49759 is a Microsoft SQL Server Elevation of Privilege vulnerability arising from improper neutralization of input used in SQL commands (SQL injection) in system procedures. An authenticated attacker could exploit this over a network to elevate privileges within the affected SQL Server d...
CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability
...
CVE-2025-53727
CVE-2025-53727 is an Elevation of Privilege vulnerability in Microsoft SQL Server tied to improper neutralization of SQL elements (SQL injection). Publicly referenced fixes are included in SQL Server 2017 CU31 (build 14.0.3500.1) per KB5063759 and related security updates, and in SQL Server 2017 ...
CVE-2025-49758
CVE-2025-49758 affects Microsoft SQL Server (e.g., SQL Server 2017 line) and is described as an elevation-of-privilege vulnerability caused by improper neutralization of certain elements in SQL commands (SQL injection) that can be exploited by an authenticated, network-present attacker to gain el...
CVE-2025-55167 WeGIA SQL Injection via id_fichamedica at endpoint `GET/html/funcionario/dependente_remover.php`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependenteremover.php endpoint, specifically in the iddependente parameter. This vulnerability...
CVE-2025-8296
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution...
CVE-2025-8296
Ivanti Avalanche contains a SQL injection vulnerability in versions before 6.4.8.8008. The issue arises from improper validation of user-entered SQL statements, enabling a remote authenticated attacker with admin privileges to execute arbitrary SQL queries and, under certain conditions, achieve r...
CVE-2024-41983
A vulnerability has been identified in SmartClient modules Opcenter QL Home SC All versions = V13.2 = V13.2 = V13.2 V2506. The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-42949
Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper...
GHSA-PWH4-6R3M-J2RF PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
Summary The parameter addlinks in the API /json/addpackage is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage. Details - Affected file:https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271 - Affected code: python...
PT-2025-32773 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: SQL Server affected versions not specified Description: The software contains an improper neutralization of special elements used in an SQL command, leading to a potential SQL injection issue. This allows an authorized attacker to elevate...
Microsoft SQL Server SQL注入漏洞
Microsoft SQL Server is a large commercial database system from Microsoft Corporation USA that is applied under the Microsoft Windows system. A SQL injection vulnerability exists in Microsoft SQL Server. An attacker can exploit the vulnerability to elevate privileges. The following products and...