13181 matches found
ALPINE-CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
AZL-47636 CVE-2024-7348 affecting package postgresql for versions less than 16.4-1
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
DEBIAN-CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
UBUNTU-CVE-2024-7348
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-40486
A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters...
PT-2024-28871 · Unknown · Kashipara Live Membership System
Name of the Vulnerable Software and Affected Versions: Kashipara Live Membership System version 1.0 Description: A SQL injection vulnerability in the "/index.php" page of Kashipara Live Membership System allows remote attackers to execute arbitrary SQL commands and bypass login via the email or...
CVE-2024-40486
A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters...
CVE-2024-28297
SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2024-28298
SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SECIDF, LIEIDF, PLANFIDF, CLIIDF, DOSIDF, and possibly other parameters to /BMServerR.dll/BMRest...
CVE-2024-28298
SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SECIDF, LIEIDF, PLANFIDF, CLIIDF, DOSIDF, and possibly other parameters to /BMServerR.dll/BMRest...
AzureSoft MyHorus 安全漏洞
AzureSoft MyHorus is a global supervisory system from AzureSoft, Inc. A security vulnerability exists in AzureSoft MyHorus version 4.3.5 that stems from the presence of a SQL injection vulnerability that allows an authenticated user to execute arbitrary SQL commands via an unspecified vector...
CVE-2024-28298
CVE-2024-28298 is a SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1. Authenticated users can pass crafted values to /BMServerR.dll/BMRest via parameters such as SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, and DOS_IDF to execute arbitrary SQL commands. Public references (NVD/Red Hat/CVE record...
The vulnerability of the setgeneral.php file in the Tailoring Management System (TMS) allows a hacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause service interruptions.
The vulnerability of the setgeneral.php file in the Tailoring Management System TMS involves a lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code, gain unauthorized access to read, modify, or delete data, or cause ...
Learning Management System SQL Injection Vulnerability (CNVD-2024-35193)
Learning Management System is itsourcecode open source a learning management system . Learning Management System version 1.0 suffers from a SQL injection vulnerability , the vulnerability stems from the application lack of validation of external input SQL statements . Attackers can use this...
Payroll Management System SQL Injection Vulnerability
Payroll Management System is a payroll management system. A SQL injection vulnerability exists in Payroll Management System version 1.0, which stems from the application's lack of validation of externally entered SQL statements. A remote attacker can exploit this vulnerability to execute arbitrar...
SQL Injection
zendframework/zendframework1 is vulnerable to SQL Injection. The vulnerability is due to the improper handling of SQL expressions and comments in the ORDER BY and GROUP BY clauses. Attackers can exploit this vulnerability by injecting malicious SQL code that can alter the intended SQL query and...
CVE-2024-37871
SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter...
CVE-2024-37873
SQL injection vulnerability in viewpayslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...