41 matches found
CVE-2022-43437
The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL command to access, modify or delete database...
CVE-2022-39056 Changing Information Technology Inc. RAVA certificate validation system - SQL Injection
RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database...
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized ENtyid, theID and EID fields used when an Edit action on an existing record is being performed...
SQL injection
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors...
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2020-2156)
According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical...
CVE-2020-14349
A flaw was found in PostgreSQL, where it did not properly sanitize the search_path during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...
CVE-2020-3936 Unisoon UltraLog Express - SQL Injection
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command...
JVN#14776551: Multiple vulnerabilities in WordPress Plugin "wpDataTables Lite"
WordPress Plugin "wpDataTables Lite" provided by TMS-Plugins contains multiple vulnerabilities listed below.

Cross-site Scripting CWE-79 - CVE-2019-6011

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1
CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...
CVE-2019-11821
Synology Photo Station is affected by a SQL injection in synophoto_csPhotoDB.php. The issue allows remote execution of arbitrary SQL commands via the type parameter and affects versions prior to 6.8.11-3489 and prior to 6.3-2977. Root cause: lack of validation of externally supplied SQL statement...
SQL injection
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/*!select*/" substring in place of a select substring...
CVE-2018-12039
Joyplus-CMS version 1.6.0 is affected by a Remote Code Execution vulnerability in manager/index.php caused by an Arbitrary SQL command execution issue that relies on using a "/*!select*/" substring in place of a select substring. This is documented across multiple sources (NVD/Red Hat/CNVD) and ind...
JVN#70490316: DBD::PgPP vulnerable to SQL injection
DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Impact If DBD::PgPP is used in a program, a remote attacker may execute an arbitrary SQL command. Solution Update the software Update to the latest version according to the...
CVE-2010-4639
CVE-2010-4639 corresponds to a SQL injection vulnerability in the MySource Matrix product, specifically in index.php where the id parameter can be manipulated to execute arbitrary SQL commands remotely. The entry has a CVSS v2 base score of 7.5 (HIGH) with network attack vector, low complexity, a...
SQL injection
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter...
CVE-2008-6270
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter...
SQL injection
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter...
Multiple Vulnerabilities: LedgerSMB < 1.2.15
Multiple vulnerabilities: LedgerSMB Synopsis: Two vulnerabilities announced in LedgerSMB for versions prior to 1.2.15 Status: Corrected in version 1.2.15 and later vendor fix available. Impact: Resource exhaustion on server, arbitrary SQL command execution. Other software affected: SQL-Ledger, al...
SQL injection
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields...