204 matches found

CNVD
added 2019/08/09 12:0 a.m. | 1 views

PostgreSQL SQL Injection Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A SQL injection vulnerability exists in PostgreSQL versions 9.4...

CVSS 8.8 | AI score 8.4 | EPSS 0.00197
Exploits: 0 | References: 1

CNVD
added 2019/07/22 12:0 a.m. | 3 views

SaltStack Salt MySQL Module SQL Injection Vulnerability

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A SQL injection vulnerability exists in the SaltStack Salt MySQL module. The vulnerability stems from a lack of validation of externally...

CVSS 9.8 | AI score 8.2 | EPSS 0.00363
Exploits: 1 | References: 1

CNVD
added 2019/04/01 12:0 a.m. | 3 views

Harmis JE Messenger Component SQL Injection Vulnerability in Joomla!

Joomla! is an open source, cross-platform content management system (CMS) developed by the Open Source Matters team in the United States using PHP and MySQL. Harmis JE Messenger is one of its personal messaging components, which supports incoming and outgoing e-mail and online...

CVSS 9.1 | AI score 8.4 | EPSS 0.00272
Exploits: 0 | References: 1

OSV
added 2019/03/28 7:29 p.m. | 1 views

CVE-2019-9204

SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...

CVSS 9.8 | AI score 7.5 | EPSS 0.0403
Exploits: 3 | References: 2

CNVD
added 2018/10/15 12:0 a.m. | 3 views

youke365 SQL Injection Vulnerability

youke365 is an open source navigation management system. The admin/login.html page in version 1.1.5 of youke365 suffers from a SQL injection vulnerability that can be exploited by remote attackers to execute arbitrary SQL commands...

CVSS 9.8 | AI score 10 | EPSS 0.0025
Exploits: 1 | References: 1

CNVD
added 2018/09/21 12:0 a.m. | 5 views

WordPress Arigato Autoresponder and Newsletter SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. Arigato Autoresponder and Newsletter is an autoresponder plugin that is used in... A SQL injection vulnerability exists in WordPress...

CVSS 7.2 | AI score 8.4 | EPSS 0.04057
Exploits: 5 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

Multiple Vulnerabilities in MySQL Smart Reports 'id'

MySQL Smart Reports is a complete solution for generating reports using existing MySQL databases. An attacker can exploit this vulnerability to execute arbitrary SQL commands. A SQL injection and cross-site scripting vulnerability exists in MySQL Smart Reports 'id'. An attacker can exploit this...

AI score 7.5
Exploits: 0 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 2 views

MySQL Blob Uploader 'home-filet-edit.php' SQL Injection Vulnerability

MySQL Blob Uploader is a database file upload script. MySQL Blob Uploader 'home-filet-edit.php' suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands...

AI score 8.6
Exploits: 0 | References: 1

CNVD
added 2018/04/04 12:0 a.m. | 2 views

GxlcmsQY Arbitrary PHP Code Execution Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the 'upsql' function in the \Lib\Lib\Action\Admin\DataAction.class.php file in Gxlcms QY version 1.0.0713. A remote attacker can exploit this vulnerability by executing arbitrary SQL statements with the help of...

CVSS 9.8 | AI score 8 | EPSS 0.00944
Exploits: 1 | References: 1

CNVD
added 2017/09/15 12:0 a.m. | 2 views

WordPress wordpress-gallery-transformation SQL Injection Vulnerability

WordPress wordpress-gallery-transformation is a website wallpaper plugin for WordPress. ./wordpress-gallery-transformation/gallery.php in WordPress wordpress-gallery-transformation version 1.0 contains a SQL injection vulnerability that stems from the program failing to filter the...

CVSS 9.8 | AI score 9.9 | EPSS 0.00595
Exploits: 1 | References: 1

CNVD
added 2017/07/04 12:0 a.m. | 2 views

ThinkPHP5 PDO Authenticity Preprocessing suffers from SQL Injection Vulnerability

ThinkPHP V5.0 is a high-performance framework designed for API development. A SQL injection vulnerability exists in ThinkPHP5 PDO authenticity preprocessing. The vulnerability is caused by controlling the value position of the in statement, i.e. by passing in an array, leading to a SQL injection...

AI score 8.2
Exploits: 0

Veracode
added 2017/06/23 9:57 a.m. | 16 views

SQL Injection

Moodle is vulnerable to SQL injection attacks. The library does not sanitize form data, allowing a malicious user to inject and execute arbitrary SQL...

CVSS 6.5 | AI score 7.6 | EPSS 0.00349
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2017/03/10 12:0 a.m. | 4 views

WordPress Mail Masta plugin SQL injection vulnerability (CNVD-2017-02638)

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports personal blog sites set up on PHP and MySQL servers. Mail Masta (aka mail-masta) is one of its email plug-ins. WordPress Mail Masta plugin version 1.0 in...

CVSS 7.2 | AI score 8.2 | EPSS 0.00729
Exploits: 2 | References: 1

CNVD
added 2016/12/02 12:0 a.m. | 2 views

IBM BigFix Remote Control SQL Injection Vulnerability

IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. A SQL injection vulnerability exists in IBM BigFix Remote Control 9.1.2 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary SQL commands...

CVSS 6.5 | AI score 8.4 | EPSS 0.00222
Exploits: 0 | References: 1

CNVD
added 2016/05/14 12:0 a.m. | 2 views

Symphony CMS SQL Injection Vulnerability

Symphony is a content management system (CMS) developed using PHP and MySQL. Symphony suffers from a SQL injection vulnerability because the program fails to adequately validate the 'fieldsusername', 'actionsave', and 'fieldsemail' parameters, which can be exploited to execute arbitrary SQL code in the...

AI score 8.6
Exploits: 0 | References: 1

Tenable Nessus
added 2014/10/16 12:0 a.m. | 94 views

Drupal 7.x < 7.32 SQLi

The remote web server is running a version of Drupal that is 7.x prior to 7.32. It is, therefore, potentially affected by a SQL injection vulnerability due to a flaw in the Drupal database abstraction API, which allows a remote attacker to use specially crafted requests that can result in arbitra...

CVSS 7.5 | AI score 7.8 | EPSS 0.94366
Exploits: 20 | References: 3

FreeBSD
added 2014/10/15 12:0 a.m. | 53 views

drupal7 -- SQL injection

Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...

CVSS 7.5 | AI score 8 | EPSS 0.94366
Exploits: 20 | References: 2

OSV
added 2014/08/22 2:55 p.m. | 0 views

UBUNTU-CVE-2014-5262

SQL injection vulnerability in the graph settings script graphsettings.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 7.5 | AI score 7.7 | EPSS 0.00762
Exploits: 0 | References: 3

ATTACKERKB
added 2011/11/02 9:55 p.m. | 2 views

CVE-2010-5021

SQL injection vulnerability in viewgroup.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter...

CVSS 7.5 | AI score 6.4 | EPSS 0.0185
Exploits: 1 | References: 8

ATTACKERKB
added 2011/04/22 10:55 a.m. | 3 views

CVE-2011-1686

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data...

CVSS 6.5 | AI score 6.3 | EPSS 0.0092
Exploits: 0 | References: 11