Lucene search

6586 matches found

Vulnrichment
added 2022/08/03 3:21 p.m. | 3 views

CVE-2022-34871

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...

CVSS 7.2 | AI score 7.1 | EPSS 0.00516
Exploits: 0 | References: 2

CNNVD
added 2022/08/03 12:0 a.m. | 1 view

Santesoft Sante PACS Server SQL injection vulnerability

Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A SQL injection vulnerability exists in Santesof...

CVSS 9.8 | AI score 8.7 | EPSS 0.24657
Exploits: 0 | References: 2

RedHat Linux
added 2022/08/02 10:9 a.m. | 2 views

mariadb: server crash in component arg_comparator::compare_real_fixed

A flaw was found in MariaDB. The component, Arg_comparator::compare_real_fixed, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...

CVSS 7.5 | AI score 7.3 | EPSS 0.00217
Exploits: 1 | References: 4

ATTACKERKB
added 2022/08/02 3:15 a.m. | 1 view

CVE-2022-34950

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php...

CVSS 9.8 | AI score 6 | EPSS 0.00264
Exploits: 1 | References: 2

CNNVD
added 2022/08/02 12:0 a.m. | 2 views

Online Tours And Travels Management System SQL injection vulnerability

Online Tours And Travels Management System is an online travel management system by Carlo Montero, an individual developer. A security vulnerability exists in Online Tours And Travels Management System v1.0, which can be exploited by an attacker to perform SQL injection using the pname parameter ...

CVSS 7.2 | AI score 7.3 | EPSS 0.00274
Exploits: 1 | References: 2

CNNVD
added 2022/08/02 12:0 a.m. | 2 views

Pharmacy Management System SQL injection vulnerability

Pharmacy Management System (MPMS) is a multilingual pharmacy management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from the startDate parameter in getOrderReport.php lacking validation for extern...

CVSS 9.8 | AI score 6.1 | EPSS 0.00264
Exploits: 1 | References: 2

BDU FSTEC
added 2022/07/29 12:0 a.m. | 0 views

The vulnerability of the editbrand.php implementation allows a hacker to execute arbitrary commands. This vulnerability exists in the Garage Management System optimization tool.

The vulnerability of the editbrand.php implementation, a tool for optimizing the garage management system process, relates to the lack of protective measures for the SQL query structure during the processing of the id parameter. Exploiting this vulnerability allows an attacker, operating remotely...

CVSS 10 | EPSS 0.00245
Exploits: 1 | References: 7 | Affected Software: 1

RedHat Linux
added 2022/07/28 4:6 p.m. | 1 view

mariadb: server crash at my_decimal::operator=

A flaw was found in MariaDB. The component, my_decimal::operator=, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...

CVSS 7.5 | AI score 7.3 | EPSS 0.00295
Exploits: 1 | References: 4

RedHat Linux
added 2022/07/28 4:6 p.m. | 1 view

mariadb: server crash in create_tmp_table::finalize

A flaw was found in MariaDB. The component, Create_tmp_table::finalize, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...

CVSS 7.5 | AI score 7.3 | EPSS 0.00217
Exploits: 1 | References: 4

RedHat Linux
added 2022/07/28 4:6 p.m. | 1 view

mariadb: assertion failure in sql/item_cmpfunc.cc

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/item_cmpfunc.cc, affecting availability...

CVSS 7.5 | AI score 7.3 | EPSS 0.00137
Exploits: 1 | References: 4

CNNVD
added 2022/07/28 12:0 a.m. | 3 views

Synology CardDAV Server SQL injection vulnerability

Synology CardDAV Server is a contact management package from Synology China. It allows you to synchronize and access the address book on Synology NAS. A SQL injection vulnerability exists in Synology CardDAV Server versions prior to 6.0.10-0153, which stems from improper elimination of special...

CVSS 8.8 | AI score 8.2 | EPSS 0.00575
Exploits: 0 | References: 2

BDU FSTEC
added 2022/07/27 12:0 a.m. | 0 views

The vulnerability of the SonicWall Analytics On-Prem global network firewall management system’s analytical service allows attackers to execute arbitrary SQL commands in the application database by failing to protect the SQL query structure.

The vulnerability of the SonicWall Analytics On-Prem global network management system’s analytical service is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands in the application database remotely...

CVSS 10 | EPSS 0.00955
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/07/26 1:15 p.m. | 2 views

CVE-2022-36161

Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter...

CVSS 9.8 | AI score 7.3 | EPSS 0.00546
Exploits: 1 | References: 1

CNNVD
added 2022/07/25 12:0 a.m. | 4 views

Communilink CLink Office SQL injection vulnerability

Communilink CLink Office is a control panel for unified management of email and anti-spam filters from Communilink, Hong Kong, China. A security vulnerability exists in CommuniLink CLink Office version v2.0. The vulnerability is exploited by attackers to conduct SQL injection attacks via the...

CVSS 7.5 | AI score 7.6 | EPSS 0.00864
Exploits: 1 | References: 4

CNNVD
added 2022/07/25 12:0 a.m. | 3 views

WordPress plugin WP Visitor Statistics SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 9.8 | AI score 8.6 | EPSS 0.42778
Exploits: 0 | References: 3

CNNVD
added 2022/07/19 12:0 a.m. | 3 views

Garage Management System SQL injection vulnerability

SourceCodester Garage Management System Cms-Website is a garage management system by mayurik personal developer. It can help you manage all your vehicles, cars and motorcycles. A security vulnerability exists in Garage Management System 1.0 that stems from This issue affects some unknown processi...

CVSS 8.8 | AI score 7.6 | EPSS 0.00245
Exploits: 1 | References: 4

OSV
added 2022/07/16 7:15 a.m. | 2 views

CVE-2017-20134

A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 | AI score 5.7 | EPSS 0.0031
Exploits: 1 | References: 2

OSV
added 2022/07/16 7:15 a.m. | 3 views

CVE-2017-20131

A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2022/07/14 5:15 p.m. | 3 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

CVSS 4.3 | AI score 5.6 | EPSS 0.00126
Exploits: 0 | References: 2

CNNVD
added 2022/07/14 12:0 a.m. | 2 views

Piwigo SQL injection vulnerability

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo v12.2.0 and earlier versions. The vulnerability stems from the fact that an attacker can use...

CVSS 7.5 | AI score 7.3 | EPSS 0.00509
Exploits: 1 | References: 2