SQL injection
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer...
CVE-2023-25330
A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...
Online Graduate Tracer System - Multiple SQL injection Vulnerabilities
A blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System allows remote unauthenticated attackers to execute arbitrary SQL commands through the "age" parameter. Description: A blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System...
CVE-2023-28424 Soko SQL Injection vulnerability
Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...
CVE-2023-27463
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database...
HackerOne: SQL Injection in CVE Discovery Search
Unsanitized user-controlled inputs in the CVE Discovery Search allowed for SQL injection, which could lead to the disclosure of data in the Analytics Database, including report, team, and asset data...
A vulnerability in the firmware of SonicWall SMA 210, SMA 410, and SMA 500v appliances allows attackers to execute arbitrary SQL queries.
The vulnerability in the firmware of SonicWall's SMA 210, SMA 410, and SMA 500v appliances lies in the lack of safeguards when constructing SQL queries. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
CVE-2023-26037
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL injection. The minTime and maxTime request parameters are not properly validated and could be used to execute...
CVE-2023-26037 ZoneMinder contains SQL Injection via report_event_audit
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL injection. The minTime and maxTime request parameters are not properly validated and could be used to execute...
CVE-2023-26032
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL injection via a malicious JSON web token. The Username field of the JWT was trusted when performing an SQL...
CVE-2023-26034
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL injection vulnerability. The blind SQL injection vulnerability is present within the...
CVE-2023-26034 ZoneMinder SQL Injection
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL injection vulnerability. The blind SQL injection vulnerability is present within the...
CVE-2023-26550
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field...
CVE-2023-26550
CVE-2023-26550 affects BMC Control-M prior to 9.0.20.214. The vulnerability is a SQL injection in the memname JSON field that allows an attacker to execute arbitrary SQL commands. The issue is documented with a high severity (CVSS v3.1: 9.8/CRITICAL, network vector, no user interaction, no privil...
CVE-2023-25813 SQL Injection via replacements in sequelize
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fix...
K43254923: Apache Ranger vulnerability CVE-2016-2174
Security Advisory Description: SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. CVE-2016-2174 Impact: There is no impact;...
SQL Injection
webbuilders-group/silverstripe-kapost-bridge is vulnerable to SQL injection. The vulnerability exists due to improper sanitization in the database and table name designer feature, allowing an attacker to submit arbitrary SQL queries, resulting in information disclosure...