
5711 matches found

ATTACKERKB
added 2022/01/17 4:15 p.m. | 5 views

CVE-2022-0258

pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVSS 8.8 | AI score 7.6 | EPSS 0.01626
Exploits: 1 | References: 3

ATTACKERKB
added 2022/01/14 6:15 p.m. | 4 views

CVE-2022-0224

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVSS 9.8 | AI score 7.6 | EPSS 0.01995
Exploits: 1 | References: 3

OSV
added 2022/01/14 6:15 p.m. | 3 views

UBUNTU-CVE-2022-0224

dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVSS 9.8 | AI score 7.3 | EPSS 0.01995
Exploits: 1 | References: 4

OSV
added 2022/01/11 8:15 p.m. | 3 views

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...

CVSS 8.8 | AI score 7.6
Exploits: 0 | References: 3

BDU FSTEC
added 2022/01/04 12:0 a.m. | 4 views

The vulnerability of the makeSafe function in the Attendance Management System allows a violator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the makeSafe function in the Attendance Management System’s software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...

CVSS 10 | AI score 7.9 | EPSS 0.01909
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2022/01/03 12:0 a.m. | 3 views

WordPress plugin Events Made Easy SQL injection vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Events Made Easy. The vulnerability stems from the program not properly filtering and...

CVSS 8.8 | AI score 6 | EPSS 0.01562
Exploits: 2 | References: 2

CNNVD
added 2022/01/03 12:0 a.m. | 7 views

WordPress plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The WordPress Download Monitor Plugin has a SQL injection vulnerability in versions prior to 4.4.5, which stems from the use...

CVSS 7.2 | AI score 6.2 | EPSS 0.17484
Exploits: 5 | References: 3

OSV
added 2021/12/29 8:15 a.m. | 3 views

CVE-2021-44161

Changing MOTP Mobile One Time Password system’s specific function parameter has insufficient validation for user input. An attacker on the local area network can perform a SQL injection attack to read, modify or delete the backend database without authentication...

CVSS 8.8 | AI score 5.8 | EPSS 0.00495
Exploits: 0 | References: 1

BDU FSTEC
added 2021/12/24 12:0 a.m. | 2 views

The vulnerability of the “description_filter” parameter in the group_list component of the Advantech R-SeeNet monitoring software for routers, related to incorrect validation of input data, allows a hacker to execute arbitrary SQL queries.

The vulnerability of the “description_filter” parameter in the group_list component of the Advantech R-SeeNet monitoring software for routers is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL...

CVSS 7.7 | AI score 5.9
Exploits: 0 | References: 2

OSV
added 2021/12/22 7:15 p.m. | 1 views

CVE-2021-21935

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘hostaltfilter2’ parameter. This can be done as any authenticated user or through cross-site request forgery...

CVSS 6.5 | AI score 7 | EPSS 0.01144
Exploits: 1 | References: 1

CNNVD
added 2021/12/22 12:0 a.m. | 3 views

Projectworlds Hospital Management System SQL injection vulnerability

Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. v1.0 of Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

CVSS 9.8 | AI score 5.8 | EPSS 0.0113
Exploits: 1 | References: 2

CNNVD
added 2021/12/22 12:0 a.m. | 3 views

Projectworlds Hospital Management System SQL injection vulnerability

Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...

CVSS 9.8 | AI score 6 | EPSS 0.0113
Exploits: 1 | References: 2

RedHat Linux
added 2021/12/21 10:1 a.m. | 2 views

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

CVSS 8.1 | AI score 6.9 | EPSS 0.01901
Exploits: 0 | References: 4

CNNVD
added 2021/12/20 12:0 a.m. | 1 views

Jfrog JFrog Artifactory SQL injection vulnerability

Jfrog JFrog Artifactory is an open source, general-purpose artifact repository manager from Israel's JFrog that supports clustered and high-availability Docker registries and provides an end-to-end solution for automating artifacts used to track artifacts from development to production. JFr...

CVSS 8.8 | AI score 8.2 | EPSS 0.00997
Exploits: 3 | References: 2

BDU FSTEC
added 2021/12/20 12:0 a.m. | 3 views

The vulnerability of the prod_filter parameter in the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the prod_filter parameter in the “device_list” component of the Advantech R-SeeNet monitoring software relates to the improper handling of the prod_filter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending special...

CVSS 7.8 | AI score 6.9 | EPSS 0.01144
Exploits: 1 | References: 6

OSV
added 2021/12/17 5:15 p.m. | 4 views

CVE-2020-18081

The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query...

CVSS 7.5 | AI score 5.8 | EPSS 0.01135
Exploits: 1 | References: 1

CNNVD
added 2021/12/17 12:0 a.m. | 3 views

Tcman Gim SQL injection vulnerability

Tcman Gim is a facility management software from Tcman Spain designed for use on mobile devices. TCMAN GIM suffers from a SQL injection vulnerability that can be exploited via the "/PC/WebService.asmx" page...

CVSS 10 | AI score 8.5 | EPSS 0.00936
Exploits: 0 | References: 2

RedHat Linux
added 2021/12/16 6:22 p.m. | 6 views

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

CVSS 8.1 | AI score 6.9 | EPSS 0.01901
Exploits: 0 | References: 4

CNNVD
added 2021/12/15 12:0 a.m. | 2 views

ThinkPHP SQL injection vulnerability

ThinkPHP is a PHP-based, open source, lightweight web application development framework from China Top Think Information Technology. ThinkPHP has a SQL injection vulnerability; no vulnerability details are provided...

CVSS 9.8 | AI score 5.8 | EPSS 0.01374
Exploits: 1 | References: 2

CNNVD
added 2021/12/15 12:0 a.m. | 2 views

Tuleap SQL injection vulnerability

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration. Enalean Tuleap is vulnerable to SQL...

CVSS 8.8 | AI score 6.3 | EPSS 0.01544
Exploits: 0 | References: 5