6593 matches found
PT-2023-31315 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2; Apache Superset versions 3.0.0 through 3.0.1. Description: A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apach...
WordPress Theme Porto SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress Plugin Master Slider SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
CVE-2023-6898
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manageuser.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...
WebITR SQL Injection Vulnerability
WebITR is an online time and attendance system. A SQL injection vulnerability exists in Kaifa Technology WebITR version 21023, which stems from insufficient validation of user input and can be exploited by remote attackers to inject arbitrary SQL commands to read a database...
Dell PowerProtect Data Domain SQL Injection Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A SQL injection vulnerability exists in Dell PowerProtect Data Domain, which stems from the inclusion of a SQL injection vulnerability...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI versions prior to 5.11.3, which stems from the presence of a S...
SchedMD Slurm Security Vulnerability
SchedMD Slurm is an open source and highly scalable cluster management and job scheduling system for large and small Linux clusters from SchedMD. A security vulnerability exists in SchedMD Slurm that stems from an SQL injection against the SlurmDBD database...
RockOA Security Vulnerability
RockOA Xinhuo is an open source office OA system. A security vulnerability exists in RockOA versions prior to 2.3.3, which stems from susceptibility to SQL injection attacks...
PT-2023-31414 · Schedmd · Schedmd Slurm
Name of the Vulnerable Software and Affected Versions: SchedMD Slurm versions 23.11.x through 23.11.0 Description: An issue was discovered in SchedMD Slurm, allowing SQL Injection against the SlurmDBD database. Recommendations: For SchedMD Slurm versions 23.11.x through 23.11.0, update to version...
PT-2023-27701 · Unknown · Common Services Soliberte
Name of the Vulnerable Software and Affected Versions: Common Services soliberte versions prior to 4.3.03 Description: The issue allows attackers to obtain sensitive information via the lat and lng parameters in the functions/point list.php file. This is a SQL Injection vulnerability, which means...
Online Tours & Travels Management System SQL Injection Vulnerability
Online Tours & Travels Management System is an online tours management system by individual developer Mayuri K. A SQL injection vulnerability exists in SourceCodester Online Tours & Travels Management System version 1.0, which stems from a problem with the prepare function in emailsetup.php, whi...
Hanbiro SQL Injection Vulnerability
Hanbiro is an application from Hanbiro Inc. A security vulnerability exists in Hanbiro groupware versions prior to V3.8.79 through V3.8.81.1 that stems from the presence of a SQL injection vulnerability...
PHPGurukul Nipah virus Testing Management System SQL Injection Vulnerability
PHPGurukul Nipah Virus Testing Management System is an online virus diagnostic platform from PHPGurukul Inc. An injection vulnerability exists in version 1.0 of the PHPGurukul Nipah Virus Testing Management System, which originates from a SQL injection vulnerability in the file...
Zultys MX Series Security Vulnerability
Zultys MX Series is a series of IP phones from Zultys USA. A security vulnerability exists in Zultys MX Series that stems from susceptibility to SQL injection attacks...
A vulnerability in the “search.cgi” file of the License Plate Verifier software allows an attacker to execute arbitrary SQL queries.
The vulnerability of the “search.cgi” file of the License Plate Verifier software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary SQL queries...
The vulnerability of the Tyk application programming interface, related to the lack of security measures for SQL query structures, allows attackers to execute arbitrary SQL queries.
The vulnerability of the Tyk cloud firewall’s application programming interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the module havi...
CVE-2023-5108
The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
VulnCheck KEV: CVE-2023-30625
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default...