13181 matches found
Sql injection
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter...
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, stems from the lack of protective measures for the SQL query structure. This allows attackers to execute arbitrary SQL queries against the database.
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the database remotely...
CVE-2023-48078
SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter...
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Summary User input passed directly into an SQL statement allows non-admin backend users to execute arbitrary SQL statements. Details The /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for at...
GHSA-72HH-XF79-429P Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Summary User input passed directly into an SQL statement allows non-admin backend users to execute arbitrary SQL statements. Details The /admin/object/grid-proxy endpoint calls getFilterCondition on fields of classes to be filtered for at...
CVE-2023-46024
SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter...
CVE-2023-46022
SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter...
CVE-2023-46017
SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters...
CVE-2023-46017
SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters...
CVE-2023-46018
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter...
Sql injection
SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters...
Sql injection
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter...
CVE-2023-46018
SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter...
Sql injection
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...
Rocky Linux 8 : postgresql:10 (RLSA-2022:4805)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4805 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...
Rocky Linux 8 : postgresql:12 (RLSA-2022:4807)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4807 advisory. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...
PT-2023-20647 · Unknown · Imageconverter Service
Name of the Vulnerable Software and Affected Versions: imageconverter service affected versions not specified Description: The issue allows requests to fetch image metadata to be abused, including SQL queries that would be executed unchecked. This requires at least access to adjacent networks of...
SQL Injection
github.com/flyteorg/flyteadmin is vulnerable to SQL Injection. The vulnerability exists because the custom sql statements are not properly handled which allows an attacker to inject and execute arbitrary sql queries...
CVE-2023-34210
SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter...
Sql injection
SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter...