Lucene search
K

73 matches found

BDU FSTEC
BDU FSTEC
added 2023/08/07 12:0 a.m.7 views

The vulnerability of the web platform used for creating ZKBio Access lVS control and access management systems lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the web platform used for creating ZKBio Access lVS access control and management systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

10CVSS8.2AI score0.00504EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/05 12:0 a.m.7 views

The vulnerability of the EaseProbe tool for checking functionality/status involves a lack of measures to protect the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the EaseProbe tool for checking functionality/status involves a lack of measures taken to protect the SQL query structure during data processing in MySQL/PostgreSQL databases. Exploiting this vulnerability allows attackers to execute arbitrary SQL code...

8.2CVSS8.4AI score0.00652EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/03/03 10:46 p.m.52 views

GHSA-VPX4-7RFP-H545 Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm

Impact Any user with edit right can execute arbitrary database select and access data stored in the database. To reproduce: In admin, rights, remove scripting rights for XWikiAllGroup. Create a new user without any special privileges. Create a page "Private.WebHome" with TOKEN42 as content. Go to...

6.5CVSS6.4AI score0.00637EPSS
Exploits1References4
Huntr
Huntr
added 2023/01/15 2:9 p.m.35 views

SQL injection in API authorization check

Description TeamPass /authorize API endpoint is vulnerable to SQL injection in the login field. It is possible to forge an arbitrary Blowfish hash and use it in the query to bypass the password verification check. Using the same query it is possible to define an arbitrary apikey value too: "login...

5CVSS8.2AI score0.08354EPSS
Exploits6
Github Security Blog
Github Security Blog
added 2023/01/13 9:28 p.m.32 views

org.neo4j.procedure:apoc Path Traversal Vulnerability

Impact A Path Traversal Vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the...

7.1CVSS3.3AI score0.00658EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/28 12:0 a.m.8 views

The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9.1CVSS8.1AI score0.02077EPSS
Exploits5References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.11 views

The vulnerability of the downloadLogFiles function in the industrial food industry management server application AK-EM 800 allows a hacker to execute arbitrary SQL queries.

The vulnerability of the downloadLogFiles function in the industrial food industry management server application AK-EM 800 relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries through the...

9.4CVSS6AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.21 views

Banking System SQL注入漏洞

Banking System is a simple banking system project by Carlo Montero's personal developer. It is used to manage bank customers' accounts and process basic customer transactions. A security vulnerability exists in Banking System that originates from allowing arbitrary SQL commands to be executed via...

9.8CVSS8.6AI score0.01254EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.5 views

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the username parameter...

10CVSS8.2AI score0.03604EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/17 12:0 a.m.9 views

The vulnerability of the export report function implementation in Centreon software for IT infrastructure monitoring allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software’s reporting export function for IT infrastructure monitoring in Centreon relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using the script...

8.5CVSS8.1AI score0.29424EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/07/26 6:15 p.m.19 views

CVE-2021-37473

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database...

9.8CVSS0.02162EPSS
Exploits1References3
NVD
NVD
added 2021/07/26 6:15 p.m.20 views

CVE-2021-37476

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...

9.8CVSS0.02162EPSS
Exploits1References3
NVD
NVD
added 2021/07/26 6:15 p.m.17 views

CVE-2021-37478

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database...

9.8CVSS0.02162EPSS
Exploits1References3
OSV
OSV
added 2021/07/26 6:15 p.m.5 views

CVE-2021-37478

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database...

9.8CVSS6AI score0.02162EPSS
Exploits1References3
OSV
OSV
added 2021/07/26 6:15 p.m.6 views

CVE-2021-37477

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter childrenorder, which results in arbitrary sql query execution in the backend database...

9.8CVSS6AI score0.02162EPSS
Exploits1References3
NVD
NVD
added 2021/07/26 6:15 p.m.18 views

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...

9.8CVSS0.02483EPSS
Exploits1References3
Prion
Prion
added 2021/07/26 6:15 p.m.12 views

Sql injection

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...

7.5CVSS9.5AI score0.02162EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/07/26 6:15 p.m.14 views

Sql injection

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter childrenorder, which results in arbitrary sql query execution in the backend database...

7.5CVSS9.5AI score0.02162EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/07/26 5:17 p.m.23 views

CVE-2021-37477

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter childrenorder, which results in arbitrary sql query execution in the backend database...

9.8AI score0.02162EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/07/26 5:15 p.m.22 views

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database...

9.8AI score0.02483EPSS
Exploits1References3
Rows per page
Query Builder