5714 matches found
CVE-2022-21234
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
McAfee Agent SQL injection vulnerability
McAfee Agent (MA) is a client component from McAfee that provides secure communication between the ePolicy Orchestrator antivirus management platform and the managed products. A SQL injection vulnerability exists in versions prior to McAfee Agent 5.7.6, which stems from the application lack of...
PT-2022-2397 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 1.4.2. Description: The issue is related to a lack of validation of XML object sequences, which can be exploited by a remote attacker to conduct SQL injection attacks. This can occur in chart data requests. Th...
UBUNTU-CVE-2022-27379
An issue in the component Argcomparator::comparerealfixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...
CVE-2022-27472
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely...
MariaDB SQL injection vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 and lower, which can be exploited by an attacker to cause a denial of service (DoS) via a...
CSZ CMS SQL injection vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS version 1.2.2 is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in cszcmsadminUserseditUser, and can be used by attackers to execute illegal SQL commands to obtain...
Atom.CMS SQL injection vulnerability
Atom.CMS is a content management system from The Digital Craft, individual developers in the U.S. A SQL injection vulnerability exists in Atom.CMS version 2.0, which stems from a lack of validation of external input SQL statements in Atom.CMSadminajaxpages.php, and could be exploited by attackers to...
MariaDB SQL injection vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower that allows an attacker to cause a denial of service (DoS) via a specially...
Pimcore SQL injection vulnerability
Pimcore is an open source Web content management platform for creating and managing Web applications from Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. Pimcore has a SQL injection vulnerability, whic...
ZZCMS SQL injection vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. zzCMS2021 is vulnerable to SQL injection, which stems from a lack of filtering of SQL data in admanage.php. An attacker could use this vulnerability to send malicious SQL commands...
Car Rental System SQL injection vulnerability
Car Rental System is a car rental system by individual developer AMEY THAKUR in India. Car Rental System v1.0 is vulnerable to SQL injection, which originates from the lack of SQL data filtering for the id parameter in /CarRental/booking.php, and can be exploited by attackers to execute illegal S...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
The vulnerability of the PuppetDB database management system lies in the lack of protective measures for SQL query structures. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the PuppetDB database management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service interruptions...
CVE-2022-27123
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter...
CVE-2022-28115
Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter...
MingSoft MCMS SQL injection vulnerability
MingSoft MCMS is a complete open source J2EE system from MingSoft, a Chinese company. MingSoft MCMS has a SQL injection vulnerability, which originates from the lack of filtering and escaping of SQL data in the categoryId parameter of /cms/content/list, and can be used by attackers to execute...
Online Student Admission System SQL injection vulnerability
Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. Online Student Admission v1.0 has a security vulnerability that allows an attacker to perform SQL injection via the txtapplicationID parameter...
SourceCodester Employee Performance Evaluation System SQL injection vulnerability
SourceCodester Employee Performance Evaluation is a PHP-based site builder for employee performance management from SourceCodester. SourceCodester Employee Performance Evaluation has a SQL injection vulnerability, which can be exploited by attackers to perform SQL injection via email parameters...
The vulnerability of the formatting function of the SQL parser for Python, Sqlparse, allows a hacker to cause a service failure.
The vulnerability of the SQL parser’s formatting module for Python Sqlparse is related to the incorrect handling of multiple occurrences of the "\r\n" character in SQL comments. Exploiting this vulnerability allows an attacker to cause service failures remotely...