5710 matches found
PYSEC-2021-109
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application...
CVE-2020-4902
IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191045...
Accellion Kiteworks SQL injection vulnerability
Accellion kiteworks is a next-generation mobile file sharing and collaboration platform that improves enterprise productivity and security. A SQL injection vulnerability exists in Accellion Kiteworks versions prior to 7.4.0. An attacker could exploit the vulnerability to obtain sensitive database...
A vulnerability in the plus/ajax_street.php component of the 74cms CMS, caused by a lack of protection for the SQL query structure, allows attackers to execute arbitrary SQL queries.
The vulnerability in the plus/ajax_street.php component of the 74cms CMS stems from a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries via the parameter x...
A vulnerability in app/admin/custom-fields/filter-result.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/custom-fields/filter-result.php of phpipam, a web application for managing IP addresses, stems from a lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
A vulnerability in the plus/ajax_street.php component of the 74cms CMS, caused by a lack of protection for the SQL query structure, allows attackers to execute arbitrary SQL queries.
The vulnerability in the plus/ajax_street.php component of the 74cms CMS stems from a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries via the key parameter...
A vulnerability in app/admin/custom-fields/edit.php of phpipam, a web application for managing IP addresses, allows an attacker to execute arbitrary SQL queries.
The vulnerability in app/admin/custom-fields/edit.php of phpipam, a web application for managing IP addresses, stems from a lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
White Shark System SQL injection vulnerability
White Shark System (WSS) is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A SQL injection vulnerability exists in White Shark...
primion Technology AG Secure 8 SQL injection vulnerability
primion Technology AG Secure 8 is an access control solution from the Spanish company primion Technology AG. It is designed to control the access of people and vehicles to various locations. Secure 8 suffers from an SQL injection vulnerability that stems from Secure 8 Evalos not properly validati...
A vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows an attacker to execute arbitrary SQL commands and gain unauthorized access to modify data.
The vulnerability in the web-based management interface of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) stems from a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands an...
WordPress SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. Yes/No Chart is a plugin for WordPress. Versions of the Yes/No Chart WordPress plugin prior to 1.0.12 suffer from a SQL injection...
CVE-2021-23230
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359...
Trace Financial CRESTBridge SQL injection vulnerability
CRESTBridge is a resilient, feature-rich interface for Trace Financial. Trace Financial CRESTBridge is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands...
Esri ArcGIS Server SQL injection vulnerability
Esri ArcGIS Server is a Web-oriented, enterprise-class software platform from the United States company Esri that can be used to provide geographic location services. A SQL injection vulnerability exists in ArcGIS Server version 10.8.1 and earlier versions, which can be exploited by attackers to obtain...
WordPress plugin SQL injection vulnerability
WordPress Plugin is an open source application plugin for WordPress. The Bello - Directory & Listing WordPress theme prior to version 1.6.0 suffers from a SQL injection vulnerability that stems from the theme not sanitizing critical parameters, resulting in their use in SQL statements...
Synology Photo Station SQL injection vulnerability
Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology Inc. of Taiwan, China. A SQL injection vulnerability exists in Synology Photo Station before 6.8.14-3500, which can be exploited by an attacker to execute arbitrary SQL commands via...
Synology Media Server SQL injection vulnerability
Synology Media Server is a media server. A SQL injection vulnerability exists in the cgi component of Synology Media Server before 1.8.1-2876, which can be exploited by an attacker to execute arbitrary SQL commands via an unspecified vector...
In4Velocity In4Suite ERP SQL injection vulnerability
In4Velocity In4Suite ERP is an enterprise resource program from In4Velocity India. It is ERP software built for the real estate and construction industry that provides complete visibility of business information and helps streamline processes, improve efficiency, manage complexity and increase...
COVID19 Testing Management System SQL injection vulnerability
COVID19 Testing Management System is a COVID19 Testing Management System. A SQL injection vulnerability exists in COVID19 Testing Management System version 1.0, which is exploited via the admin panel...
IBM Security Guardium SQL injection vulnerability
IBM Security Guardium is a product of IBM in the U.S. It is a suite of platforms that provide data protection capabilities. IBM Security Guardium suffers...