204 matches found

Positive Technologies
added 2024/01/10 12:0 a.m. · 3 views

PT-2024-2986 · Grafana +1 · Grafana +1

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 776
Description: The issue is related to an SQL Injection vulnerability, which allows for improper neutralization of special elements used in an SQL command. This vulnerability affects the Grafana module,...

CVSS 9.4 · AI score 8.3 · EPSS 0.00122
Exploits: 0 · References: 7

Positive Technologies
added 2023/08/09 12:0 a.m. · 3 views

PT-2023-15866 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 affected versions not specified
Description: A SQL injection issue exists in the "ticket watchers email" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitrary...

CVSS 8.8 · AI score 8.9 · EPSS 0.00099
Exploits: 0 · References: 3

Vulnrichment
added 2023/02/25 12:58 a.m. · 6 views

CVE-2023-26034 ZoneMinder SQL Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

CVSS 9.6 · AI score 10 · EPSS 0.02063
Exploits: 1 · References: 1

SUSE CVE
added 2023/02/15 4:4 a.m. · 2 views

SUSE CVE-2020-2240

A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...

CVSS 8.8 · AI score 8.9 · EPSS 0.00199
Exploits: 0 · References: 3

OSV
added 2022/12/25 4:15 a.m. · 1 view

CVE-2022-45889

Planet eStream before 6.72.10.07 allows a remote attacker who is a publisher or admin to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search the StatisticsResults.aspx flt parameter...

CVSS 7.2 · AI score 6
Exploits: 0 · References: 1

BDU FSTEC
added 2022/10/28 12:0 a.m. · 1 view

The vulnerability of the MTA email message checking module and the file checksum search module of the FortiSandbox threat detection and removal system allows a perpetrator to execute arbitrary SQL code.

The vulnerability of the MTA email message checking module and the file checksum search module of the FortiSandbox threat detection and removal system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 9 · AI score 8.1 · EPSS 0.00361
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2022/10/26 12:0 a.m. · 13 views

CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...

CVSS 8.8 · AI score 8.9 · EPSS 0.00422
Exploits: 0 · References: 2

CNNVD
added 2022/06/16 12:0 a.m. · 2 views

WUZHI CMS SQL injection vulnerability

WUZHI CMS is a PHP and MySQL-based open source content management system (CMS) from WUZHI. v4.1.0 of WUZHI CMS is vulnerable to SQL injection, which can be exploited to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. parameter in...

CVSS 9.8 · AI score 6.2 · EPSS 0.00286
Exploits: 1 · References: 2

RedHat Linux
added 2022/06/04 1:12 a.m. · 6 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS 8.8 · AI score 7.1 · EPSS 0.02263
Exploits: 0 · References: 6

CNNVD
added 2022/04/26 12:0 a.m. · 2 views

ED01-CMS SQL injection vulnerability

Ed01-Cms is a Cms project in the Udemy course. Version 20180505 of ED01-CMS is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in post.php. An attacker could use this vulnerability to execute illegal SQL commands to steal...

CVSS 9.8 · AI score 6.1 · EPSS 0.00264
Exploits: 0 · References: 2

NCSC
added 2022/04/12 12:0 a.m. · 4 views

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

CVSS 9 · AI score 7.5 · EPSS 0.07373
Exploits: 0

BDU FSTEC
added 2022/04/04 12:0 a.m. · 1 view

The vulnerability of the SyliusGridBundle e-commerce platform for Symfony applications, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.

The vulnerability of the SyliusGridBundle e-commerce platform for Symfony applications is related to the lack of protective measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS 10 · AI score 8.1 · EPSS 0.00558
Exploits: 0 · References: 9 · Affected Software: 1

RedHat Linux
added 2022/03/23 8:22 a.m. · 5 views

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

CVSS 8.8 · AI score 7.4 · EPSS 0.00431
Exploits: 0 · References: 5

OSV
added 2022/02/28 3:13 p.m. · 2 views

CLSA-2022-1646061219 Fixed CVE-2022-24407 in cyrus-sasl

CVE-2022-24407: Fix failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands...

CVSS 8.8 · AI score 7.3 · EPSS 0.00431
Exploits: 0 · References: 1

OSV
added 2022/01/24 6:15 p.m. · 1 view

CVE-2021-41659

SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field...

CVSS 9.8 · AI score 6.1 · EPSS 0.00264
Exploits: 1 · References: 1

CNNVD
added 2022/01/20 12:0 a.m. · 2 views

Online Reviewer System SQL injection vulnerability

Online Reviewer System is a software application. An Online Reviewer System. A SQL injection vulnerability exists in Online Reviewer System, which originates from the product's password parameter not effectively filtering user input data for special characters. The vulnerability can be exploited ...

CVSS 9.8 · AI score 8.7 · EPSS 0.00307
Exploits: 1 · References: 2

BDU FSTEC
added 2021/10/27 12:0 a.m. · 1 view

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the NamesList.php parameter...

CVSS 10 · AI score 8.2 · EPSS 0.07073
Exploits: 1 · References: 5 · Affected Software: 1

BDU FSTEC
added 2021/10/27 12:0 a.m. · 3 views

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the ResetUserInfo.php passwordstnid parameter...

CVSS 10 · AI score 8.2 · EPSS 0.05279
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2021/10/13 6:15 p.m. · 1 view

CVE-2021-40842

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00385
Exploits: 0 · References: 2

BDU FSTEC
added 2021/09/17 12:0 a.m. · 1 view

The vulnerability of the software for selling tickets at theme parks, the Theme Park Ticketing System, arises from the lack of measures taken to protect the SQL query structure. This allows a hacker to execute arbitrary SQL code.

The vulnerability of the software for selling tickets at theme parks, the Theme Park Ticketing System, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by executing the viewuser.php...

CVSS 9.8 · AI score 8.2 · EPSS 0.00444
Exploits: 0 · References: 3 · Affected Software: 1