6586 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection. When relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. Remediation Upgrade sqlite3 ...
WordPress plugin Dokan SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
Canteen Management System SQL Injection Vulnerability
Canteen Management System is a cafeteria management system by individual developer Mayuri K. A security vulnerability exists in Canteen Management System that stems from an incorrect manipulation of the parameter customerid, resulting in SQL injection...
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2022-33875
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP...
CVE-2022-44347
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/viewinquiry&id=...
Rukovoditel SQL Injection Vulnerability
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. Rukovoditel v3.2.1 contains a security vulnerability; the vulnerability arises through the headingfield...
PT-2022-27467 · Unknown · Church Management System
Name of the Vulnerable Software and Affected Versions: Church Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/edit members.php" API endpoint. Recommendations: For Church...
PT-2022-24016 · Owncast · Owncast
Name of the Vulnerable Software and Affected Versions: owncast versions prior to 0.0.13 Description: The issue is related to SQL Injection in the GitHub repository owncast/owncast. Recommendations: For versions prior to 0.0.13, update to version 0.0.13 or later to resolve the issue...
CVE-2022-3865
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
CVE-2022-3849
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
OpenDaylight SQL Injection Vulnerability
OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which originates in its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java component in the /auth/ v1/role...
Automotive Shop Management System SQL Injection Vulnerability
Automotive Shop Management System is an automotive shop management system by individual developer Carlo Montero. A security vulnerability exists in Automotive Shop Management System v1.0, which was discovered to contain a SQL injection vulnerability via the id parameter in...
Vulnerability fixed in IBM DB2
A vulnerability has been fixed in IBM DB2. This vulnerability allows a malicious party to cause a denial of service (DoS) by using the db2expln tool and entering an incorrect SQL statement into it. IBM has made an update available to fix the vulnerability. For more information, see:...
CVE-2022-44117
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third parties because Boa does not ship with any support for SQL...
JIZHICMS SQL Injection Vulnerability
Extreme Networks Technology JIZHICMS Extreme CMS is an open source content management system (CMS) from China's Extreme Networks Technology. A security vulnerability exists in JIZHICMS v2.3.3, which can be exploited by an attacker to perform SQL injection via the...
PT-2022-27113 · Boa · Boa
Name of the Vulnerable Software and Affected Versions: Boa version 0.94.14rc21 Description: The issue concerns SQL Injection via the username variable. However, it is noted that this vulnerability is disputed by multiple third parties because Boa does not ship with any support for SQL...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
Billing System Project SQL Injection Vulnerability
Billing System Project is a billing system project by individual developer Mayuri K. Billing System Project v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the orderId parameter in printOrder.php against an externally entered SQL statement. An attacker cou...
The vulnerability of the Field::set_default component in the MariaDB database, which allows a hacker to trigger a service failure.
The vulnerability of the Field::set_default component in the MariaDB database management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially crafted SQL query...