204 matches found

BDU FSTEC
added 2024/02/13 12:00 a.m.

The vulnerability of the php-scrm/login.php component of the Simple Customer Relationship Management System web application, which allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the php-scrm/login.php component in the Simple Customer Relationship Management System web application is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the databa...

CVSS 10 · AI score 7.7 · EPSS 0.00929
Exploits 1 · References 2 · Affected software 1
Positive Technologies
added 2024/02/12 12:00 a.m.

PT-2024-20066 · Gambio · Gambio

Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...

CVSS 9.8 · AI score 7.8 · EPSS 0.00629
Exploits 1 · References 6
BDU FSTEC
added 2024/01/15 12:00 a.m.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of protective measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures regarding SQL query structures. Exploiting this vulnerability allows attackers to execute arbitrary SQL queries against the database...

CVSS 9.6 · AI score 8.4 · EPSS 0.0997
Exploits 0 · References 3
BDU FSTEC
added 2023/11/22 12:00 a.m.

Vulnerability of the edd_ajax_download_search() function (/includes/ajax-functions.php) of the Easy Digital Downloads plugin in the WordPress content management system, allowing a hacker to execute arbitrary SQL queries

The vulnerability of the edd_ajax_download_search() function (/includes/ajax-functions.php) in the Easy Digital Downloads plugin of the WordPress content management system is related to the lack of protection for the SQL query structure when processing the “s” parameter. Exploiting this vulnerability...

CVSS 10 · AI score 8.1 · EPSS 0.11172
Exploits 2 · References 4 · Affected software 1
CNNVD
added 2023/11/20 12:00 a.m.

Admin Tools Application Cross-Site Request Forgery Vulnerability

Admin Tools Application is an open source advanced management tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions prior to 4.5.1, which stems from a vulnerability that allows arbitrary database queries to be performed on...

CVSS 8.8 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 4
Positive Technologies
added 2023/11/20 12:00 a.m.

PT-2023-8619 · Xwiki · Xwiki Admin Tools Application

Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools Application versions prior to 4.5.1 Description: A cross-site request forgery issue in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. This could be used to dama...

CVSS 10 · AI score 8.6 · EPSS 0.00365
Exploits 0 · References 10
Prion
added 2023/08/14 7:15 p.m.

SQL injection

A SQL Injection vulnerability has been identified in the MiVoice Office 400 SMB Controller through 1.2.5.23 which could allow a malicious actor to access sensitive information and execute arbitrary database and management operations...

CVSS 7.5 · AI score 9.7 · EPSS 0.00525
Exploits 0 · References 1 · Affected software 2
CNNVD
added 2023/08/14 12:00 a.m.

Mitel MiVoice Office 400 SMB Controller SQL Injection Vulnerability

The Mitel MiVoice Office 400 SMB Controller is an SMB controller from Mitel Canada. A security vulnerability exists in Mitel MiVoice Office 400 SMB Controller version 1.2.5.23, which originated from a vulnerability that could allow a malicious attacker to access sensitive information and perform...

CVSS 9.8 · AI score 6.6 · EPSS 0.00525
Exploits 0 · References 2
OSV
added 2023/08/09 7:15 p.m.

CVE-2022-48601

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 5.9 · EPSS 0.00608
Exploits 0 · References 1
CNNVD
added 2023/07/25 12:00 a.m.

TDengine input validation error vulnerability

TDengine is an open source, high performance, cloud-native time series database from TDengine. An input validation error vulnerability exists in versions prior to TDengine 3.0.7.1, which stems from the database crashing on a UDF nested query resulting in a denial of service, allowing an attacker ...

CVSS 6.5 · AI score 6.6 · EPSS 0.00562
Exploits 0 · References 2
Github Security Blog
added 2023/03/03 10:46 p.m.

Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm

Impact Any user with edit right can execute arbitrary database select and access data stored in the database. To reproduce: In admin, rights, remove scripting rights for XWikiAllGroup. Create a new user without any special privileges. Create a page "Private.WebHome" with TOKEN42 as content. Go to...

CVSS 6.5 · AI score 6.5 · EPSS 0.00637
Exploits 1 · References 4 · Affected software 1
NVD
added 2023/03/02 7:15 p.m.

CVE-2023-26473

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other th...

CVSS 6.5 · AI score 6.7 · EPSS 0.00637
Exploits 1 · References 2
OSV
added 2023/03/02 6:17 p.m.

CVE-2023-26473 XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other th...

CVSS 6.5 · AI score 6.7 · EPSS 0.00637
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:18 a.m.

SUSE CVE-2015-3727

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site...

CVSS 6.8 · AI score 6.4 · EPSS 0.01998
Exploits 0 · References 3
OSV
added 2023/02/03 6:15 p.m.

CVE-2021-36503

SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file...

CVSS 9.8 · AI score 6 · EPSS 0.00855
Exploits 1 · References 1
CNNVD
added 2023/02/03 12:00 a.m.

PbootCMS SQL injection vulnerability

PbootCMS is an open source enterprise website-building content management system (CMS) written in PHP and developed by an individual PbootCMS developer. A security vulnerability exists in PbootCMS version 3.0.5. An attacker can exploit the vulnerability to execute arbitrary SQL commands via a specially craft...

CVSS 9.8 · AI score 8 · EPSS 0.01257
Exploits 1 · References 3
OSV
added 2022/11/21 11:15 a.m.

CVE-2022-1578

The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack...

CVSS 8.8 · AI score 5.9
Exploits 0 · References 1
BDU FSTEC
added 2022/11/02 12:00 a.m.

The vulnerability of the `include/chart_generator.php` script of the Pandora Console component, a monitoring and management system for IT environments in the Pandora FMS framework. This script allows attackers to bypass security restrictions and execute arbitrary SQL code.

The vulnerability of the include/chart_generator.php script of the Pandora Console component in the Pandora FMS monitoring and management system is related to the lack of measures taken to protect the SQL query structure during the processing of the session_id parameter. Exploiting this...

CVSS 10 · AI score 8.2 · EPSS 0.1139
Exploits 2 · References 8 · Affected software 1
BDU FSTEC
added 2022/10/20 12:00 a.m.

The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.

The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...

CVSS 10 · AI score 6.7 · EPSS 0.01527
Exploits 0 · References 8 · Affected software 3
CNNVD
added 2022/08/24 12:00 a.m.

Exment SQL injection vulnerability

Exment is a simple, lightweight and free web database. A security vulnerability exists in Exment PHP8 v5.0.2 and earlier, laravel-admin v3.0.0 and earlier, and Exment PHP7 v4.4.2 and earlier, which can be exploited by attackers to execute arbitrary SQL commands...

CVSS 8.8 · AI score 6.2 · EPSS 0.01147
Exploits 0 · References 5