PT-2023-15867 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the "ticket template watchers" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitra...
PT-2023-15861 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the "reporting job editor" feature of the ScienceLogic SL1. This feature takes unsanitized user-controlled input and passes it directly to a SQL...
PT-2023-15858 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the "json walker" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitrary SQL that i...
CVE-2023-38760
SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component...
CVE-2023-33993
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the...
ChurchCRM SQL Injection Vulnerability
ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v.5.0.0 that stems from the presence of a SQL injection vulnerability...
a2 License Portal System SQL Injection Vulnerability
a2 License Portal System is a license portal system from a2 License Portal System, Inc. A SQL injection vulnerability exists in a2 License Portal System versions prior to 1.48, which arises from incorrect neutralization of special elements used in SQL commands...
Oduyo Online Collection Software SQL Injection Vulnerability
Oduyo Online Collection Software is a software from Oduyo, Inc. Oduyo Online Collection Software before 1.0.1 suffers from a SQL injection vulnerability that stems from incorrect neutralization of special elements used in SQL commands...
mAyaNet E-Commerce SQL Injection Vulnerability
mAyaNet E-Commerce is an e-commerce platform from mAyaNet, Inc. A SQL injection vulnerability exists in mAyaNet E-Commerce versions prior to 1.1, which stems from incorrect neutralization of special elements used in SQL commands...
PT-2023-26069 · Unknown · Judging Management System
Name of the Vulnerable Software and Affected Versions: Judging Management System version 1.0. Description: A SQL injection issue was found in the Judging Management System. The vulnerability can be exploited via the id parameter at the "/php-jms/deductScores.php" API endpoint. Recommendations: For...
a2 Camera Trap Tracking System SQL Injection Vulnerability
a2 Camera Trap Tracking System is a camera trap tracking system from a2 Camera Trap Tracking System. A SQL injection vulnerability exists in a2 Camera Trap Tracking System versions prior to 3.1905 that stems from incorrect neutralization of special elements used in SQL commands...
The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain arises from the lack of protective measures for SQL query structures. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain relates to the lack of measures taken to protect SQL query structures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized...
Vulnerabilities fixed in Siemens products
Siemens has fixed vulnerabilities in Parasolid, Solid Edge, TeamCenter, SoftwareCenter, SIMATIC, SICAM and Ruggedcom products. The vulnerabilities potentially enable a malicious party to execute attacks that could result in the following categories of damage: Denial-of-Service (DoS). Manipulation o...
CVE-2023-4199
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagorydata.php. The manipulation of the argument columns1data leads to SQL injection. It is possible to initiate the attack remotely. The...
Inventory Management System SQL Injection Vulnerability
Inventory Management System is an inventory management system. A SQL injection vulnerability exists in Inventory Management System version 1.0, which originates from a SQL injection via the uppid parameter on the editsell.php page. No details of the vulnerability are available at this time...
CVE-2023-33366
A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands...
The vulnerability of the function com.imc.iview.utils.CUtils.checkSQLInjection() in the system for centralized control of network devices and ports of Advantech iView allows an attacker to execute arbitrary SQL commands.
The vulnerability of the com.imc.iview.utils.CUtils.checkSQLInjection function in the system for managing network devices and ports of Advantech iView is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to execute arbitrary SQL commands.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
GHSA-WP6C-29R3-JQW9 SQL injection in jeecg-boot
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...
CVE-2023-3984
A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cookingmethod leads to SQL injection. It is possible to initiate the atta...