The vulnerability of the function com.imc.iview.utils.CUtils.checkSQLInjection() in the system for centralized control of network devices and ports of Advantech iView allows an attacker to execute arbitrary SQL commands.
The vulnerability of the com.imc.iview.utils.CUtils.checkSQLInjection function in the system for managing network devices and ports of Advantech iView is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to execute arbitrary SQL commands.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
GHSA-WP6C-29R3-JQW9 SQL injection in jeecg-boot
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...
CVE-2023-3984
A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cookingmethod leads to sql injection. It is possible to initiate the atta...
Jeecg-Boot SQL injection vulnerability
Jeecg-Boot is a low-code platform based on a code generator from the JeecgBoot community. A security vulnerability exists in Jeecg-Boot version 3.5.1, which stems from a SQL injection vulnerability in the parameter title...
The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System (GMS) global network firewall management system lies in the lack of protection for the SQL query structure, which allows attackers to disclose protected information.
The vulnerability of the SonicWall Analytics analytical service and the SonicWall Global Management System GMS global network firewall management system is related to the lack of protection for the SQL query structure. Exploiting this vulnerability can allow a malicious actor to disclose protecte...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
PT-2023-26602 · Unknown · Campcodes Beauty Salon Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A critical issue has been found in the system, affecting the /admin/about-us.php file. The manipulation of the pagedes argument leads to SQL injection. This issue can be...
Campcodes Beauty Salon Management System SQL injection vulnerability
Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes, Inc. Campcodes Beauty Salon Management System suffers from a SQL injection vulnerability that stems from the operation of the pagedes parameter of unknown code in the file /admin/about-us.php that can lea...
PT-2023-26604 · Unknown · Campcodes Beauty Salon Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A critical vulnerability has been found in the system. The issue is related to an unknown function of the file /admin/del service.php, where the manipulation of the editid...
DedeBIZ SQL injection vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A SQL injection vulnerability exists in DedeBIZ version 6.2.10, which stems from a SQL injection vulnerability in the parameter sqlquery...
Lost and Found Information System SQL injection vulnerability
Lost and Found Information System is a lost and found information system by the individual developer oretnom23. A SQL injection vulnerability exists in SourceCodester Lost and Found Information System version 1.0, which stems from a SQL injection vulnerability in the parameter id...
PT-2023-26188 · Unknown · Weaver E-Cology
Name of the Vulnerable Software and Affected Versions: Weaver e-cology versions prior to 10.58.0 Description: A critical issue affects the HTTP POST Request Handler component of Weaver e-cology, specifically the file filelFileDownloadForOutDoc.class. The manipulation of the fileid argument with t...
Esri ArcGIS Insights Desktop SQL injection vulnerability
Esri ArcGIS Insights Desktop is a data analysis workbench from Environmental Systems Research Institute Esri, Inc. A SQL injection vulnerability exists in Esri ArcGIS Insights Desktop version 2022.1 Windows, Mac that originates from a vulnerability that allows a locally-authorized attacker to...
Esri ArcGIS Insights Desktop SQL injection vulnerability
Esri ArcGIS Insights Desktop is a data analysis workbench from Environmental Systems Research Institute Esri, Inc. A SQL injection vulnerability exists in Esri ArcGIS Insights Desktop version 2022.1 ArcGIS Enterprise that originates from a vulnerability that could allow a remotely-authorized...
PT-2023-20345 · Esri · Esri Arcgis Insights Desktop
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 Description: The issue allows a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input...
Locke-Bot SQL injection vulnerability
Locke-Bot is a custom Discord bot developed for LOCKE by the individual developer HKing2802. A security vulnerability exists in Locke-Bot version 2.0.2, which stems from an SQL injection vulnerability that allows remote attackers to run arbitrary SQL commands via a crafted string...
PT-2023-4170 · Taphome · Taphome
Name of the Vulnerable Software and Affected Versions: TapHome versions prior to 2023.2 Description: The issue is related to weaknesses in the authentication procedure of the TapHome system, allowing a remote attacker to bypass authentication and gain full access to the device. A hidden API in...
PT-2023-24477
Name of the Vulnerable Software and Affected Versions: Zekiweb versions prior to 2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions prior...
The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises from the lack of measures taken to protect the SQL query structure. This allows attackers to modify or delete any content they desire.
The vulnerability of the StruxureWare Data Center Expert monitoring system relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to modify or delete any content at will...