WordPress plugin WP ERP SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Trend Micro Apex Central SQL Injection Vulnerability
Trend Micro Apex Central is a Web-based console from Trend Micro, Inc. Trend Micro Apex Central suffers from a SQL injection vulnerability that can be exploited by an attacker to submit a specially crafted SQL request to manipulate a database, obtain sensitive information or execute arbitrary cod...
CVE-2023-36663
it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...
PT-2023-24509 · Sourcecodester · Sourcecodester Game Result Matrix System
Name of the Vulnerable Software and Affected Versions: SourceCodester Game Result Matrix System version 1.0 Description: A critical issue was found in the GET Parameter Handler component, specifically affecting the /dipam/athlete-profile.php file. The manipulation of the id argument leads to SQL...
CVE-2023-36371
An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36370
An issue in the gccol component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36369
An issue in the listappend component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-36367
An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-2805
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents parameter in the setaddagentleaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
WordPress plugin WP Custom Cursors SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
Marksoft Mobile+ SQL Injection Vulnerability
Marksoft is an application from Marksoft Corporation. A SQL injection vulnerability exists in Marksoft Mobile+ version v.7.1.7, Login version 1.4, and API version 20230605, which stems from an improper neutralization of a special element used to cause SQL injection...
CVE-2023-32026
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database...
The vulnerability of the Elite Technology WEBFAX faxing software lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the fax communication software Elite Technology WEBFAX lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
PT-2023-3448 · Microsoft · Odbc Driver For Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft ODBC Driver for SQL Server affected versions not specified Description: The issue is related to insufficient input validation in the Microsoft ODBC Driver for SQL Server library, which can allow an attacker to execute arbitrary code...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A SQL injection vulnerability exists in PrestaShop versions prior to 2.4.3, which stems from improper...
PT-2023-5214 · Schweitzer Engineering Laboratories · Sel-5030 Acselerator Quickset
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software versions through 7.1.3.0 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This...
Microsoft OLE Automation Remote code Security Vulnerability
Microsoft OLE Automation Remote code is a software application from Microsoft Corporation USA. An automation software. A security vulnerability exists in Microsoft OLE Automation Remote code, which stems from allowing remote code execution and affects the following products and versions: Microsoft...
bloofoxCMS SQL Injection Vulnerability
bloofoxCMS is a PHP-based text content management system from bloofox individual developers. A security vulnerability exists in bloofoxCMS version v0.5.2.1, which stems from a tid parameter found to contain an SQL injection vulnerability via...