13181 matches found
PyWebDAV SQL Injection vulnerability
Multiple SQL injection vulnerabilities in the getuserinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party...
GHSA-9GGP-5RF4-X7Q9 Fat Free CRM vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in app/controllers/homecontroller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature...
GHSA-F3V6-G4MV-PJHQ WEC Map (wec_map) extension for TYPO3 allows SQL Injection
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Apache Jetspeed vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/...
Zend Framework SQL injection vector using null byte for PDO
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query...
GHSA-GJCJ-FJ23-5J5V GeniXCMS SQL injection vulnerability
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter...
GeniXCMS SQL injection vulnerability
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter...
GHSA-R64J-5W3W-FP49 TeamPass vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an actiononquickicon action to item.query.php or the (2) order or (3) direction parameter in an (a) connectionslogs, (b) errorslogs or (c) accesslogs acti...
GHSA-QM8M-7626-762H Dolibarr SQL injection vulnerability in admin/menus/edit.php
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter...
GHSA-JJGQ-JQ8G-24W4 Dolibarr SQL injection vulnerability in don/list.php
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...
Dolibarr SQL injection vulnerability in don/list.php
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...
Dolibarr SQL injection vulnerability in admin/menus/edit.php
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter...
GHSA-Q4HW-62MX-Q37W MetalGenix GeniXCMS vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php...
CVE-2021-41965
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized ENtyid, theID and EID fields used when an Edit action on an existing record is being performed...
GHSA-9V7M-F3CV-68RW Dolibarr SQL injection vulnerability in comm/multiprix.php
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
GHSA-6FRC-VFW9-WM27 Dolibarr SQL injection vulnerability in fourn/index.php
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter...
Dolibarr SQL injection vulnerability in fourn/index.php
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter...
Dolibarr SQL injection vulnerability in adherents/subscription/info.php
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter...
GHSA-M5RG-G6F9-8WPW Dolibarr SQL injection vulnerability in product/card.php
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the countryid parameter...
Dolibarr SQL injection vulnerability in product/card.php
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the countryid parameter...