
206 matches found

BDU FSTEC
added 2025/06/18 12:00 a.m. · 5 views

The vulnerability of the Chamilo LMS electronic learning and content management system lies in the lack of measures to neutralize special elements used within the operating system, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Chamilo LMS, a system for electronic teaching and content management, lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries remotely...

CVSS 8.7 · AI score 6 · EPSS 0.02657
Exploits 1 · References 4 · Affected Software 1
RedhatCVE
added 2025/05/23 6:21 a.m. · 3 views

CVE-2024-33266

SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function...

CVSS 9.8 · AI score 8.3 · EPSS 0.00669
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 8:53 p.m. · 3 views

CVE-2021-37476

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...

CVSS 9.8 · AI score 7.5 · EPSS 0.02162
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 5:39 a.m. · 5 views

CVE-2010-4721

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS 7.5 · AI score 8.8 · EPSS 0.02141
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 4:50 a.m. · 6 views

CVE-2019-20495

cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming SEC-531...

CVSS 6.5 · AI score 6.9 · EPSS 0.0099
Exploits 0 · References 1
Packet Storm News
added 2025/05/09 12:00 a.m. · 1 view

Cryptanalysis of a Lattice-Based PIR Scheme for Arbitrary Database Sizes

Private Information Retrieval (PIR) schemes enable users to securely retrieve files from a server without disclosing the content of their queries, thereby preserving their privacy. In 2008, Melchor and Gaborit proposed a PIR scheme that achieves a balance between communication overhead and...

AI score 7
Exploits 0
CNVD
added 2025/04/03 12:00 a.m. · 3 views

WeGIA SQL Injection Vulnerability (CNVD-2025-22280)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...

CVSS 9.8 · AI score 8.3 · EPSS 0.00586
Exploits 1 · References 1
CNNVD
added 2025/03/20 12:00 a.m. · 4 views

Vanna Cross-Site Request Forgery Vulnerability

Vanna is a personalized AI SQL agent from Vanna. Vanna suffers from a cross-site request forgery vulnerability. An attacker exploiting this vulnerability could run arbitrary SQL commands...

CVSS 6.5 · AI score 7 · EPSS 0.00232
Exploits 0 · References 1
BDU FSTEC
added 2025/02/26 12:00 a.m. · 7 views

The vulnerability of the WP Sessions Time Monitoring full-automatic content management system plugin allows attackers to execute arbitrary SQL queries.

The vulnerability of the WP Sessions Time Monitoring full-automatic content management system for WordPress exists due to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9.3 · AI score 5.9 · EPSS 0.0106
Exploits 1 · References 4 · Affected Software 1
BDU FSTEC
added 2024/12/25 12:00 a.m. · 6 views

The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool allows a malicious individual to gain unauthorized access to the application and execute arbitrary SQL code.

The vulnerability of the Multi-Factor Authentication component of the pgAdmin database management tool exists due to incorrect implementation of multi-factor authentication. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the application and execute arbitrary SQ...

CVSS 7.4 · AI score 7.6 · EPSS 0.00629
Exploits 0 · References 7 · Affected Software 4
Positive Technologies
added 2024/12/10 12:00 a.m. · 3 views

PT-2024-9375 · Ivanti · Ivanti Cloud Services Appliance

Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.3
Description: The issue is related to a lack of protection against SQL query structure exploitation in the admin web console of Ivanti Cloud Services Appliance. This allows a remote...

CVSS 10 · AI score 9.5 · EPSS 0.23598
Exploits 0 · References 14
Positive Technologies
added 2024/11/06 12:00 a.m. · 7 views

PT-2024-7743 · Cisco · Cisco Nexus Dashboard Fabric Controller

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Fabric Controller (NDFC) (affected versions not specified)
Description: A vulnerability in the REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated...

CVSS 9 · AI score 8.3 · EPSS 0.00772
Exploits 0 · References 14
NVD
added 2024/10/21 9:15 p.m. · 29 views

CVE-2024-35286

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

CVSS 9.8 · EPSS 0.65559
Exploits 0 · References 1
OSV
added 2024/10/21 9:15 p.m. · 4 views

CVE-2024-30157

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to...

CVSS 7.2 · AI score 6 · EPSS 0.00403
Exploits 0 · References 1
Vulnrichment
added 2024/10/21 12:00 a.m. · 18 views

CVE-2024-35286

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...

AI score 9.8 · EPSS 0.65559
Exploits 0 · References 1
OSV
added 2024/08/21 6:15 p.m. · 4 views

CVE-2024-42784

A SQL injection vulnerability in "/music/controller.php?page=viewmusic" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter...

CVSS 9.8 · AI score 6.1 · EPSS 0.00608
Exploits 1 · References 2
CNNVD
added 2024/06/07 12:00 a.m. · 4 views

WordPress plugin Music Store security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 7.8 · EPSS 0.00519
Exploits 0 · References 5
CNNVD
added 2024/05/28 12:00 a.m. · 5 views

Complete Web-Based School Management System Security Vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the index...

CVSS 6.5 · AI score 8 · EPSS 0.00426
Exploits 1 · References 2
CNNVD
added 2024/05/23 12:00 a.m. · 2 views

Campcodes Complete Web-Based School Management System Security Vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the name...

CVSS 9.8 · AI score 8 · EPSS 0.0051
Exploits 1 · References 2
BDU FSTEC
added 2024/03/26 12:00 a.m. · 4 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...

CVSS 6.4 · AI score 6 · EPSS 0.003
Exploits 0 · References 3 · Affected Software 1