13181 matches found

NVD
added 2025/01/20 4:15 p.m., 23 views

CVE-2025-23218

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarespecie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands ...

10 CVSS, 0.00579 EPSS
Exploits 1, References 2
GithubExploit
added 2025/01/17 12:20 p.m., 172 views

Exploit for SQL Injection in Microsoft

CVE-2024-43468 SCCM SQL Injection Exploit mTLS client certs f...

9.8 CVSS, 9.8 AI score, 0.60661 EPSS
Exploits 3
Cvelist
added 2025/01/13 12:0 a.m., 9 views

CVE-2023-42243

In Selesta Visual Access Manager 4.42.2, an authenticated user can access the administrative page /common/vamSql.php, which allows for arbitrary SQL queries...

0.00231 EPSS
Exploits 0, References 1
Redos
added 2025/01/09 12:0 a.m., 17 views

ROS-20250109-04

A vulnerability in the Fields plug-in of GLPI, a system for requests, incidents and inventory of computer equipment, is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL code...

7.7 CVSS, 8.3 AI score, 0.00462 EPSS
Exploits 0
CNNVD
added 2025/01/07 12:0 a.m., 2 views

WordPress plugin WPMU Prefill Post SQL injection vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A SQL injection vulnerability exists in WordPress plugin WPMU Prefill Post version 1.02 and earlier...

7.6 CVSS, 7.9 AI score, 0.00564 EPSS
Exploits 0, References 2
Veracode
added 2025/01/03 3:25 a.m., 10 views

SQL Injection

Django is vulnerable to SQL injection. The vulnerability exists due to the improper handling of untrusted data in the django.db.models.fields.json.HasKey lookup when used with an Oracle database, allowing attackers to execute arbitrary SQL commands...

9.8 CVSS, 7.8 AI score, 0.01396 EPSS
Exploits 0, References 7, Affected Software 2
Veracode
added 2024/12/27 6:33 a.m., 21 views

SQL Injection

github.com/apache/trafficcontrol is vulnerable to SQL Injection. The vulnerability is due to improper input validation in Traffic Ops, allowing a privileged user with roles such as "admin," "federation," "operations," "portal," or "steering" to execute arbitrary SQL queries through...

9.9 CVSS, 7.7 AI score, 0.41841 EPSS
Exploits 0, References 5, Affected Software 1
CNNVD
added 2024/12/16 12:0 a.m., 1 view

Trellix Data Loss Prevention SQL injection vulnerability

Trellix Data Loss Prevention (Trellix DLP) is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. Trellix Data Loss Prevention (Trellix DLP) version 11.11.1.3 suffers from a SQL injectio...

4.9 CVSS, 8.5 AI score, 0.00744 EPSS
Exploits 0, References 1
NVD
added 2024/12/12 7:15 p.m., 15 views

CVE-2024-54811

A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter...

9.8 CVSS, 0.00601 EPSS
Exploits 1, References 1
Vulnrichment
added 2024/12/12 12:0 a.m., 9 views

CVE-2024-54811

A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter...

8.5 AI score, 0.00601 EPSS
Exploits 1, References 1
CVE
added 2024/12/12 12:0 a.m., 46 views

CVE-2024-54811

PHPGurukul Park Ticketing Management System v1.0 is affected by a SQL injection in /index.php via the login parameter. Root cause, per connected sources, is lack of input validation/external SQL handling, enabling execution of arbitrary SQL commands. Affected component: /index.php in PHPGurukul P...

9.8 CVSS, 8.2 AI score, 0.00601 EPSS
Exploits 1, References 1, Affected Software 1
NVD
added 2024/12/10 7:15 p.m., 10 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

9.1 CVSS, 0.23598 EPSS
Exploits 0, References 1
Cvelist
added 2024/12/10 6:56 p.m., 18 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

9.1 CVSS, 0.23598 EPSS
Exploits 0, References 1
CVE
added 2024/12/10 6:56 p.m., 57 views

CVE-2024-11773

Ivanti Cloud Security Appliance (CSA) admin web console prior to 5.0.3 is affected by a SQL injection that can be exploited by a remote authenticated attacker with admin privileges to execute arbitrary SQL statements. The issue is confirmed in CVE-2024-11773; affected product/version is CSA befor...

9.1 CVSS, 9.2 AI score, 0.23598 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/12/10 6:56 p.m., 10 views

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

9.1 CVSS, 7.9 AI score, 0.23598 EPSS
Exploits 0, References 1
Cvelist
added 2024/12/09 12:0 a.m., 13 views

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

0.00571 EPSS
Exploits 1, References 1
CVE
added 2024/12/09 12:0 a.m., 63 views

CVE-2024-54922

CVE-2024-54922 affects Kashipara E-learning Management System v1.0. A SQL Injection vulnerability exists in the web endpoint/workflow involving the file /admin/edit_user.php, impacting input parameters firstname, lastname, and username. The flaw allows remote attackers to execute arbitrary SQL...

9.8 CVSS, 8.4 AI score, 0.00551 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2024/12/09 12:0 a.m., 18 views

CVE-2024-54931

A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...

0.00571 EPSS
Exploits 1, References 1
Cvelist
added 2024/12/09 12:0 a.m., 18 views

CVE-2024-54923

A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...

0.00571 EPSS
Exploits 1, References 1
AstraLinux
added 2024/11/23 3:4 a.m., 5 views

Astra Linux – Vulnerability in PostgreSQL-15

The Time-of-Check Time-of-Use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions while the user running pg_dump is a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for...

8.8 CVSS, 7.8 AI score, 0.01565 EPSS
Exploits 0, References 3