240 matches found

CVE
added 2021/10/15 2:5 p.m., 42 views

CVE-2021-41147

CVE-2021-41147 affects Tuleap Open ALM. An attacker with admin rights in a single agile dashboard service can execute arbitrary SQL queries, impacting Community Edition < 11.16.99.173 and Enterprise Edition < 11.16-6 /

CVSS: 7.2, AI score: 7.3, EPSS: 0.01801
Exploits: 1, References: 4, Affected Software: 1

CNVD
added 2021/10/15 12:0 a.m., 28 views

Nagios XI SQL Injection Vulnerability (CNVD-2021-90908)

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A SQL injection vulnerability exists in the bulk modification feature of Nagios XI versions prior to 5.8.5. An attacker could exploit...

CVSS: 8.8, AI score: 5.1, EPSS: 0.09817
Exploits: 0, References: 1

NVD
added 2021/10/14 3:15 p.m., 23 views

CVE-2021-33177

The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary SQL queries...

CVSS: 8.8, EPSS: 0.09817
Exploits: 0, References: 1

BDU FSTEC
added 2021/06/23 12:0 a.m., 1 views

The vulnerability in the plugin/Audit/Objects/AuditTable.php component of the YouPHPTube website allows attackers to execute arbitrary SQL queries.

The vulnerability of the plugin/Audit/Objects/AuditTable.php component of the YouPHPTube website is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS: 5.3, AI score: 6.3, EPSS: 0.02984
Exploits: 5, References: 3, Affected Software: 1

CNVD
added 2021/03/26 12:0 a.m., 5 views

Invigo Automatic Device Management SQL Injection Vulnerability

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A SQL injection vulnerability exists in /admin/displayerrors.php in Invigo Automat...

CVSS: 9.8, AI score: 8.4, EPSS: 0.01555
Exploits: 1, References: 1

BDU FSTEC
added 2021/02/08 12:0 a.m., 3 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN programmatically defined network is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS: 6.5, AI score: 7.2, EPSS: 0.01391
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2020/11/12 12:0 a.m., 1 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores lies in the lack of measures to protect SQL query structures. This allows attackers to execute arbitrary SQL queries against the database in the target system and gain access to protected information.

The vulnerability of the Magento Commerce development and management software platform lies in the lack of measures to protect SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database in the target system by sending a...

CVSS: 8.5, AI score: 7.5, EPSS: 0.02273
Exploits: 0, References: 5, Affected Software: 2

BDU FSTEC
added 2020/10/22 12:0 a.m., 4 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the improper elimination of special elements used in SQL commands, allows a malicious actor to execute arbitrary SQL queries against the database in the target system.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the improper elimination of certain elements used in SQL commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the targ...

CVSS: 5, AI score: 7.2, EPSS: 0.01023
Exploits: 1, References: 5, Affected Software: 1

GitHub Security Blog
added 2020/09/11 9:24 p.m., 31 views

SQL Injection in untitled-model

All versions of untitled-model are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made availab...

AI score: 6.7
Exploits: 0, References: 3, Affected Software: 1

GitHub Security Blog
added 2020/09/03 2:36 a.m., 51 views

SQL Injection in sails-mysql

Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 0.10.8 or later...

AI score: 6.4
Exploits: 0, References: 4, Affected Software: 1

Packet Storm
added 2020/09/03 12:0 a.m., 519 views

Hyland OnBase SQL Injection

CVSSv3.1 Score: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Vendor: Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/. Product: Hylan...

Exploits: 0

Cvelist
added 2020/07/16 5:21 p.m., 24 views

CVE-2020-3378 Cisco SD-WAN vManage Software SQL Injection Vulnerability

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

CVSS: 4.3, AI score: 5, EPSS: 0.00691
Exploits: 0, References: 1

CNVD
added 2020/05/11 12:0 a.m., 4 views

WordPress Chop Slider SQL Injection Vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Chop Slider is a jQuery slider plugin used in it. A SQL injection vulnerability exists in the 'id' GET parameter of the...

CVSS: 9.8, AI score: 8.2, EPSS: 0.95657
Exploits: 8

OSV
added 2020/05/08 8:15 p.m., 3 views

CVE-2020-11530

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to getscript/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user...

CVSS: 9.8, AI score: 7.5, EPSS: 0.95657
Exploits: 8, References: 5

OSV
added 2020/04/15 3:15 p.m., 12 views

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

CVSS: 9.8, AI score: 8.5
Exploits: 0, References: 2

Prion
added 2020/04/15 3:15 p.m., 15 views

Sql injection

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

CVSS: 7.5, AI score: 9.9, EPSS: 0.01486
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/03/31 7:15 p.m., 14 views

CVE-2020-5292

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...

CVSS: 8.8, AI score: 8.3
Exploits: 0, References: 3

NVD
added 2020/03/31 7:15 p.m., 10 views

CVE-2020-5292

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...

CVSS: 8.8, AI score: 9, EPSS: 0.01405
Exploits: 0, References: 3

Prion
added 2020/03/25 3:15 p.m., 19 views

Authentication flaw

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...

CVSS: 6.8, AI score: 8.7, EPSS: 0.01252
Exploits: 1, References: 2

CNVD
added 2020/03/25 12:0 a.m., 3 views

Samsung Mobile Device SQL Injection Vulnerability (CNVD-2020-31556)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. Samsung mobile devices suffer from a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL queries with the help of specially crafted SQL statements...

CVSS: 7.8, AI score: 8.2, EPSS: 0.00166
Exploits: 0, References: 1