SQL Injection
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to SQL Injection due to improper neutralization of special elements used in an SQL command. An attacker can execute arbitrary code by injecting SQL...
1E Platform SQL Injection Vulnerability
1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in 1E Platform versions prior to v8.1.2, prior to v8.4.1, prior to v9.0.1, and prior to v23.7.1 SaaS, which stems from the incorrect neutralization of special elements used in SQL...
CVE-2023-5046
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390...
CVE-2023-23651
Auth. subscriber+ SQL Injection SQLi vulnerability in MainWP Google Analytics Extension plugin = 4.0.4 versions...
CVE-2023-36420
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
PT-2023-32126 · Unknown · Code-Projects Farmacia
Name of the Vulnerable Software and Affected Versions: codeprojects Farmacia version 1.0. Description: A critical issue was found in the code, affecting an unknown function of the file index.php. The manipulation of the usario/senha argument leads to SQL injection. It is possible to launch the...
PT-2023-5983 · Microsoft · Wdac Ole Db Provider For Sql Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server, affected versions not specified. Description: The issue is related to insufficient input validation in the Microsoft WDAC OLE DB provider for SQL Server component, which can be exploited by a remot...
Election Services SQL Injection Vulnerability
Election Services is an application from Election Services, Inc. Election Services Internet Election Service suffers from a security vulnerability that stems from susceptibility to SQL injection attacks, allowing an unauthenticated, remote attacker to read or modify data for any election that...
Microsoft ODBC Driver Security Vulnerability
Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system (DBMS) using SQL as the standard for accessing data. A security vulnerability exists in Microsoft ODBC Driver. An attacker could exploit the vulnerability to remotely execute code...
HANSUNCMS SQL Injection Vulnerability
HANSUNCMS is a website builder system from China HANSUN Technology HANSUN Company. A security vulnerability exists in HANSUNCMS v1.0: the component /ajax/ajaxlogin.ashx was found to contain a SQL injection vulnerability...
VulnCheck KEV: CVE-2024-46510
ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface...
Turna Advertising Administration Panel SQL Injection Vulnerability
Turna Advertising Administration Panel is an advertising administration panel from Turna. Turna Advertising Administration Panel versions prior to 1.1 contain a SQL injection vulnerability...
Online Computer and Laptop Store SQL Injection Vulnerability
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Online Computer and Laptop Store version 1.0, in the file products.php...
IDM Sistemas QSige SQL Injection Vulnerability
IDM Sistemas QSige is a communication management system from IDM Sistemas. A security vulnerability exists in IDM Sistemas QSige that stems from the absence of an access control mechanism to verify that a user requesting a resource has sufficient privileges to perform this operation...
A vulnerability in the importexport.php script of the D-Link DAR-8000 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the importexport.php script of the D-Link DAR-8000 router firmware is related to a failure to preserve the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
A vulnerability in the /autheditpwd.php script of the D-Link DAR-8000 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the /autheditpwd.php script of the D-Link DAR-8000 router firmware is related to a failure to preserve the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
PT-2023-29055 · Presto Changeo · Testsitecreator
Name of the Vulnerable Software and Affected Versions: Presto Changeo testsitecreator versions up to 1.1.1. Description: The issue is related to a SQL injection vulnerability. This vulnerability is present in the component disable json.php. Recommendations: For Presto Changeo testsitecreator...
D-Link DAR-7000 SQL Injection Vulnerability
D-Link DAR-7000 is an Internet behavior auditing gateway from China AUO D-Link. A SQL injection vulnerability exists in D-Link DAR-7000 version 20151231 and earlier, which stems from the fact that manipulation of the parameter id can lead to SQL injection...
TTSPlanning SQL Injection Vulnerability
TTSPlanning is a solar power monitoring application from TTSPlanning Japan. TTSPlanning suffers from a SQL injection vulnerability that stems from the fact that manipulation of the parameter uid can lead to SQL injection...
CVE-2023-5272
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file editparcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to...