ROS-20231009-03

PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...

SQL Injection

webbuilders-group/silverstripe-kapost-bridge is vulnerable to SQL Injection. The vulnerability exists due to the improper sanitization in the database and table name designer feature allowing an attacker to submit arbitrary SQL query’s, resulting in Information Disclosure...

My wpdb < 2.5 - Arbitrary SQL Query via CSRF

The plugin is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack document.getElementById"test".submit;...

Mango Automation 2.6.0 SQL Query Cross Site Request Forgery

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application that allo...

PostgreSQL Denial of Service Vulnerability (Apr 2013) - Windows

PostgreSQL is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...