206 matches found
The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries remotely...
CVE-2024-33266
SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function...
CVE-2021-37476
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...
CVE-2010-4721
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2019-20495
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming SEC-531...
Cryptanalysis of a Lattice-Based PIR Scheme for Arbitrary Database Sizes
Private Information Retrieval PIR schemes enable users to securely retrieve files from a server without disclosing the content of their queries, thereby preserving their privacy. In 2008, Melchor and Gaborit proposed a PIR scheme that achieves a balance between communication overhead and...
WeGIA SQL Injection Vulnerability (CNVD-2025-22280)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...
Vanna 跨站请求伪造漏洞
Vanna is a personalized AI SQL agent from Vanna. Vanna suffers from a cross-site request forgery vulnerability. An attacker exploiting this vulnerability could run arbitrary SQL commands...
The vulnerability of the WP Sessions Time Monitoring full-automatic content management system plugin allows attackers to execute arbitrary SQL queries.
The vulnerability of the WP Sessions Time Monitoring full-automatic content management system for WordPress exists due to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool allows a malicious individual to gain unauthorized access to the application and execute arbitrary SQL code.
The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool exists due to incorrect implementation of multi-factor authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the application and execute arbitrary SQ...
PT-2024-9375 · Ivanti · Ivanti Cloud Services Appliance
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.3 Description: The issue is related to a lack of protection against SQL query structure exploitation in the admin web console of Ivanti Cloud Services Appliance. This allows a remote...
PT-2024-7743 · Cisco · Cisco Nexus Dashboard Fabric Controller
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller NDFC affected versions not specified Description: A vulnerability in the REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated...
CVE-2024-35286
A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...
CVE-2024-30157
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to...
CVE-2024-35286
A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...
CVE-2024-42784
A SQL injection vulnerability in "/music/controller.php?page=viewmusic" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter...
WordPress plugin Music Store security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Complete Web-Based School Management System 安全漏洞
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the index...
Campcodes Complete Web-Based School Management System 安全漏洞
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the name...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...