6592 matches found
SUSE CVE-2013-5589
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
SUSE CVE-2015-4342
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id...
SUSE CVE-2017-2518
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...
SUSE CVE-2020-10804
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. A malicious user with access to the server could create a crafted username, and then...
SUSE CVE-2021-22298
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne...
SUSE CVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings...
The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.
The vulnerability of the centralized control system for network devices and ports of Advantech iView relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
DataEase SQL Injection Vulnerability
DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.2.0. An attacker exploited the...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft that is used on Microsoft Windows systems. A security vulnerability exists in SQL Server. The following products and versions are affected: Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems CU 4, Microsoft SQL Serve...
WordPress plugin FL3R FeelBox SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
ChiKoi SQL Injection Vulnerability
ChiKoi is an online beverage selling website. A security vulnerability exists in ChiKoi v1.0, which stems from the presence of a SQL injection vulnerability...
WordPress plugin Simple URLs SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin WP Yelp Review Slider SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
CVE-2022-4557
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01...
Grup Arge Energy and Control Systems SmartPower Energy Management System SQL Injection Vulnerability
The Grup Arge Energy and Control Systems SmartPower Energy Management System is a web-based system from Grup Arge Energy and Control Systems developed specifically to improve energy efficiency in organizations. A SQL injection vulnerability exists in Grup Arge Energy and Control Systems SmartPowe...
CVE-2023-23163
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter...
Art Gallery Management System SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system by the individual developer Anuj Kumar. A security vulnerability exists in Art Gallery Management System v1.0, which was discovered to contain a SQL injection vulnerability via the cid parameter of product.php...
Art Gallery Management System SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system by Anuj Kumar, an individual developer. A security vulnerability exists in Art Gallery Management System v1.0, which was discovered to contain a SQL injection vulnerability via the editid parameter...
PT-2023-10256 · Webbuilders · Silverstripe-Kapost-Bridge
Name of the Vulnerable Software and Affected Versions: webbuilders-group silverstripe-kapost-bridge version 0.3.3 Description: A critical issue has been found, affecting the index/getPreview function of the file code/control/KapostService.php. This issue leads to sql injection and can be launched...
PT-2023-14708 · Unknown · Smartpower Web
Name of the Vulnerable Software and Affected Versions: Smartpower Web versions prior to 23.01.01 Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection. This allows for SQL Injection attacks. The estimated number of...