5734 matches found
CVE-2024-34032
Delta Electronics DIAEnergie is vulnerable to an SQL injection vulnerability that exists in the GetDIACloudList endpoint. An authenticated attacker can exploit this issue to potentially compromise the system on which DIAEnergie is deployed...
NETGEAR ProSAFE security vulnerability
NETGEAR ProSAFE is a network management system from NETGEAR. NETGEAR ProSAFE suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary code...
PT-2024-25656 · Delta Electronics · Diaenergie
Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie, affected versions not specified. Description: The issue is an SQL injection vulnerability that exists in the script Handler CFG.ashx. An authenticated attacker can exploit this issue to potentially compromise the...
Voltronic Power ViewPower security vulnerability
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. Voltronic Power ViewPower Pro suffers from a SQL injection vulnerability that is caused by failing to properly validate a user-supplied string before constructing a SQL query using it. An attack...
PT-2024-25657 · Delta Electronics · Diaenergie
Name of the Vulnerable Software and Affected Versions: Delta Electronics DIAEnergie, affected versions not specified. Description: The issue is related to an SQL injection vulnerability existing in the "GetDIACloudList" endpoint. An authenticated attacker can exploit this to potentially compromise...
Voltronic Power ViewPower security vulnerability
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. Voltronic Power ViewPower Pro suffers from a SQL injection vulnerability that is caused by failing to properly validate a user-supplied string before constructing a SQL query using it. An attack...
CVE-2024-33911
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro. This issue affects School Management Pro: from n/a through 10.3.4...
The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to buffer overflow in dynamic memory, allows an attacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic layout library is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
PrestaShop SQL injection vulnerability
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in versions prior to PrestaShop shipup v.3.3.0, which originates from allowin...
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value...
UBUNTU-CVE-2024-32493
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...
CVE-2024-4307
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints /accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/viewcards.php?id=1,...
Oracle EMS SQL Manager security vulnerability
Oracle EMS SQL Manager is a database management tool from Oracle Corporation USA. A security vulnerability exists in Oracle EMS SQL Manager version 3.6.2 that originates from allowing DLL hijacking, which allows users to trigger arbitrary code execution...
VulnCheck KEV: CVE-2020-11530
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...
PT-2024-30030 · Bluenet Technology · Bluenet Technology Clinical Browsing System
Name of the Vulnerable Software and Affected Versions: BlueNet Technology Clinical Browsing System version 1.2.1. Description: A critical issue has been found, affecting an unknown part of the file /xds/deleteStudy.php. The manipulation of the documentUniqueId argument leads to SQL injection. It i...
PuneethReddyHC Event Management security vulnerability
PuneethReddyHC Event Management is an application by Puneeth Reddy H C Individual Developer. Helps users to register for events organized in university festivals with simple logic and security. A security vulnerability exists in PuneethReddyHC Event Management version 1.0, which stems from the...
The vulnerability of the user interface of SolarWinds Platform’s network monitoring and IT infrastructure management software allows a hacker to execute arbitrary code.
The vulnerability of the user interface of SolarWinds software for network monitoring and IT infrastructure management is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...