CVE-2025-8296
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution...
CVE-2025-52914
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...
UBUNTU-CVE-2025-54119
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...
Advantive Veracore < 2025.1.1.3 SQL Injection
Advantive Veracore version prior to 2025.1.1.3 is vulnerable to SQL Injection in timeoutWarning.asp functionality, allowing attackers to execute arbitrary SQL queries via the PmSess1 parameter. No source data...
SQL Injection
eKuiper is vulnerable to SQL Injection. The vulnerability is due to failure to sanitize user-controlled table name input in the getLast API, allowing unauthenticated attackers to execute arbitrary SQL statements...
CVE-2013-10033 Kimai 0.9.2 db_restore.php SQL Injection
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the dbrestore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to...
RLSA-2024:0974 Important: postgresql:12 security update
PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
eKuiper API endpoints handling SQL queries with user-controlled table names.
Summary A critical SQL Injection vulnerability exists in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitati...
LF Edge eKuiper SQL Injection Vulnerability
LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A SQL injection vulnerability exists in LF Edge eKuiper versions prior to 2.2.1, which stems from a SQL injection vulnerability in the getLast API function that could lead to the execution of arbitrary SQ...
CVE-2025-54294
A SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...
CVE-2025-54294 Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla
A SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands...
CVE-2025-50127
CVE-2025-50127 concerns the DJ-Flyer Joomla extension (component DJ-Flyer 1.0–3.2). The issue is a SQL injection vulnerability that allows privileged users to execute arbitrary SQL commands. Root cause is improper input handling in the vulnerable component, enabling crafted queries to reach the d...
SQL Injection
github.com/go-pg/pg is vulnerable to SQL injection. The vulnerability is due to improper handling of input in the /types/appendvalue.go component, which allows an attacker to inject and execute arbitrary SQL commands...
StackIdeas Komento Component SQL Injection Vulnerability
StackIdeas Komento component is a commenting plugin from StackIdeas Malaysia. A SQL injection vulnerability exists in StackIdeas Komento component versions 4.0.0-4.0.7, which stems from a SQL injection vulnerability that could lead to the execution of arbitrary SQL commands...
Security Bulletin: Multiple Vulnerabilities Affected for EDB
Summary Multiple Vulnerabilities Affected for EDB has been addressed for EDB PostgreSQL with IBM and EDB Postgres Advanced Server with IBM Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...
Zoo Management System /admin/index.php File SQL Injection Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...
CVE-2025-49484
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature...
CVE-2025-6718
The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1runquery AJAX action in all versions up to, and including, 2.2.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL...
CVE-2025-49485
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...