
15 matches found

Snyk
added 2026/04/05 10:10 p.m., 0 views

SQL Injection

Overview griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database by prompt-injecting the LLM to...

CVSS 8.5, AI score 7.4, EPSS 0.00196
Exploits 0, References 2
Snyk
added 2026/01/01 6:36 a.m., 4 views

SQL Injection

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to SQL Injection due to unsafe construction of SQL statements in the...

CVSS 6.3, AI score 8.2
Exploits 0, References 3
CNVD
added 2025/10/21 12:00 a.m., 2 views

WordPress External Login plugin Information Disclosure Vulnerability

The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. An information disclosure vulnerability exists in the WordPress External Login plugin, which...

CVSS 4.3, AI score 6.7, EPSS 0.00245
Exploits 0, References 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2021-28928

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.01273
Exploits 1, References 1
RedhatCVE
added 2025/05/22 8:31 p.m., 5 views

CVE-2021-24704

In the Orange Form WordPress plugin through 1.0, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually...

CVSS 8.8, AI score 7.3, EPSS 0.00609
Exploits 2, References 1
RedhatCVE
added 2025/05/22 6:46 p.m., 8 views

CVE-2021-41931

The Company's Recruitment Management System in id=2 of the parameter from viewvacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different...

CVSS 9.8, AI score 7.8, EPSS 0.01273
Exploits 1
BDU FSTEC
added 2025/04/27 12:00 a.m., 4 views

The vulnerability of the LockDatabaseSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a hacker to circumvent security restrictions and gain access to write and read arbitrary files.

The vulnerability of the LockDatabaseSettings method in software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

CVSS 9, AI score 5.7, EPSS 0.00525
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/04/24 12:00 a.m., 2 views

WordPress plugin Frontend Dashboard SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 9.3, AI score 9.2, EPSS 0.00305
Exploits 0, References 1
BDU FSTEC
added 2024/06/10 12:00 a.m., 4 views

The vulnerability of the RecordBrokenApp method in the Ivanti Endpoint Manager software for managing endpoints in information networks allows a hacker to execute arbitrary code.

The vulnerability of the RecordBrokenApp method in the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

CVSS 10, AI score 8.3, EPSS 0.99877
Exploits 0, References 7
Microsoft CVE
added 2022/03/01 8:00 a.m., 4 views

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.

...

CVSS 7.8, AI score 7.5, EPSS 0.00645
Exploits 0
BDU FSTEC
added 2020/12/03 12:00 a.m., 2 views

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software, which allows a hacker to access the internal database of the vulnerable device.

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software management tool is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the internal database of th...

CVSS 9, AI score 6.9, EPSS 0.01565
Exploits 0, References 2, Affected Software 1
OSV
added 2019/06/28 4:15 p.m., 2 views

CVE-2019-9846

RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection...

CVSS 8.8, AI score 7.4, EPSS 0.01706
Exploits 1, References 1
OSV
added 2018/06/07 2:29 a.m., 9 views

CVE-2017-16082

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1 Executing unsafe, user-supplied sql which contains a malicious column name. 2...

CVSS 9.8, AI score 9.6
Exploits 0, References 2
BDU FSTEC
added 2018/03/28 12:00 a.m., 5 views

The vulnerability of the NVBUScheduleSet request handler in the software for data archiving and restoration by NetVault Backup allows a perpetrator to execute arbitrary code.

The vulnerability of the NVBUScheduleSet request handler in software for data archiving and restoration by NetVault Backup is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9.8, AI score 6.1, EPSS 0.03933
Exploits 0, References 2, Affected Software 1
Packet Storm
added 2007/11/27 12:00 a.m., 17 views

phpkit-sql.txt

!/usr/bin/perl Vulnerability found & exploit written by $h4d0wl33t shadowleet Contact: [email protected] Phpkit 1.6.4pl1 Non Public Exploit by $hadowleet, Description: Vulnerability in file pkinc/public/article.php On line 71: $contentid=!$contentid && isset$REQUEST'contentid' &&...

AI score 7.4
Exploits 0