206 matches found

BDU FSTEC
added 2022/10/20 12:00 a.m. | 12 views

The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.

The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...

CVSS 10 | AI score 6.7 | EPSS 0.0083
Exploits 0 | References 8 | Affected Software 3

CNNVD
added 2022/08/24 12:00 a.m. | 11 views

Exment SQL Injection Vulnerability

Exment is a simple, easy, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...

CVSS 8.8 | AI score 6.2 | EPSS 0.0119
Exploits 0 | References 5

CNNVD
added 2022/05/03 12:00 a.m. | 9 views

Fortinet FortiNAC SQL Injection Vulnerability

Fortinet FortiNAC is a network access control solution from Fortinet, Inc. Fortinet FortiNAC versions 8.3.7 through 9.2.2 are vulnerable to SQL injection, a vulnerability that originates when user-provided data is not sufficiently cleaned and can be exploited to send ad-hoc requests to affected...

CVSS 8.8 | AI score 8.4 | EPSS 0.00761
Exploits 0 | References 3

BDU FSTEC
added 2021/12/24 12:00 a.m. | 7 views

The vulnerability of the Apache DolphinScheduler scheduler platform, related to privilege management errors, allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the Apache DolphinScheduler scheduler platform is related to privilege management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries...

CVSS 9 | AI score 8.1 | EPSS 0.01861
Exploits 0 | References 5 | Affected Software 1

CNNVD
added 2021/11/22 12:00 a.m. | 5 views

Advantech R-SeeNet SQL Injection Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to SQL injection, which is caused by insufficient cleaning of...

CVSS 7.7 | AI score 6.3 | EPSS 0.01144
Exploits 1 | References 5

BDU FSTEC
added 2021/10/27 12:00 a.m. | 3 views

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the index.php USERNAME parameter...

CVSS 10 | AI score 8.2 | EPSS 0.02876
Exploits 2 | References 4 | Affected Software 1

CNNVD
added 2021/08/26 12:00 a.m. | 4 views

DOYO SQL Injection Vulnerability

DOYO doyocms is a PHP-based open source content management system (CMS). A SQL injection vulnerability exists in admin.php of DOYO CMS 2.3, which can be exploited by an attacker to execute arbitrary SQL commands via the orders parameter...

CVSS 8.8 | AI score 8.5 | EPSS 0.00887
Exploits 1 | References 2

BDU FSTEC
added 2021/01/28 12:00 a.m. | 5 views

The vulnerability of the central/executar_login.php component of the Mk-Auth authentication software allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the central/executar_login.php component of the Mk-Auth authentication software is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database in the target...

CVSS 9.4 | AI score 8.2 | EPSS 0.01137
Exploits 0 | References 4 | Affected Software 1

CNVD
added 2020/11/06 12:00 a.m. | 3 views

AudimexEE SQL Injection Vulnerability

AudimexEE is a system for audit management from Audimex AG, Germany. The system meets complex audit processes around the company's business, supports customization for use and is deployed platform-independently. A SQL injection vulnerability exists in the Documents component of AudimexEE versions...

CVSS 8.8 | AI score 8.5 | EPSS 0.00941
Exploits 0 | References 1

OSV
added 2020/08/13 2:15 p.m. | 7 views

CVE-2020-15925

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPFXPAR1 parameter...

CVSS 8.8 | AI score 7.6 | EPSS 0.01096
Exploits 0 | References 1

CNVD
added 2020/07/30 12:00 a.m. | 3 views

Gambio GX SQL Injection Vulnerability

Gambio GX is a suite of e-commerce platforms from Gambio Germany. A SQL injection vulnerability exists in the admin/mobile.php file in Gambio GX versions prior to 4.0.1.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An...

CVSS 4.9 | AI score 8.1 | EPSS 0.014
Exploits 1 | References 1

BDU FSTEC
added 2020/07/21 12:00 a.m. | 5 views

The vulnerability of the SiTex-Gosuslu development platform’s component, related to insufficient validation of input data, allows for arbitrary queries to be executed against the database.

The vulnerability of the SiTex development platform’s service component is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary requests to the database using a specially created POST request...

CVSS 10 | AI score 5.8
Exploits 0 | Affected Software 1

BDU FSTEC
added 2020/07/21 12:00 a.m. | 7 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 5.5 | AI score 6.3 | EPSS 0.00993
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2020/07/17 12:00 a.m. | 7 views

The vulnerability of the web interface of the content management software in the Prime Collaboration Provisioning network allows a hacker to execute arbitrary SQL queries.

The vulnerability in the web interface for managing content in the Prime Collaboration Provisioning network involves a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS 8.7 | AI score 7.2 | EPSS 0.00944
Exploits 0 | References 2

CNVD
added 2020/06/19 12:00 a.m. | 5 views

Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability

The Mitsubishi Electric MC Works64 and MC Works32 are both data acquisition and monitoring systems SCADA from Mitsubishi Electric Japan. A code injection vulnerability exists in Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier versions, and MC Works32 version 3.00A 9.50.255.0...

CVSS 9.1 | AI score 8.4 | EPSS 0.03029
Exploits 0 | References 1

CNVD
added 2020/05/08 12:00 a.m. | 1 views

Easy B2C Mall System d***.php Arbitrary SQL Statement Execution Vulnerability

Easy B2C mall system is a mall system developed on an open source framework. An arbitrary SQL statement execution vulnerability exists in the d.php file of the Easy B2C mall system. An attacker can exploit the vulnerability to execute arbitrary SQL statements within the file...

AI score 8.1
Exploits 0

NVD
added 2020/03/17 3:15 p.m. | 11 views

CVE-2019-20495

cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)...

CVSS 6.5 | AI score 6.4 | EPSS 0.0099
Exploits 0 | References 1

OSV
added 2020/03/17 3:15 p.m. | 5 views

CVE-2019-20495

cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)...

CVSS 6.5 | AI score 6.7 | EPSS 0.0099
Exploits 0 | References 1

OSV
added 2020/03/10 1:15 p.m. | 0 views

CVE-2018-14502

controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters...

CVSS 9.8 | AI score 6.1
Exploits 0 | References 2

CNVD
added 2019/12/16 12:00 a.m. | 2 views

Octeth Oempro SQL Injection Vulnerability

Octeth Oempro is a suite of email marketing software from Octeth USA. An SQL injection vulnerability exists in the 'CampaignID' parameter of Campaign.Get in Octeth Oempro version 4.7. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...

CVSS 9.8 | AI score 8.2 | EPSS 0.05762
Exploits 5 | References 1