13182 matches found
Sql injection
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server restricted to...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...
PT-2022-13478 · Mcafee · Mcafee Enterprise Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. Description: The issue allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. This can be achieved if the...
Delta Electronics DIAEnergie SQL injection vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Taocms SQL injection vulnerability
Taocms is a micro CMS content management system in China. A SQL injection vulnerability exists in Taocms v3.0.2, which stems from the lack of validation of external input SQL statements in the id parameter in includeModelCategory.php, and can be exploited by attackers to execute illegal SQL...
WordPress WP Statistics Plugin SQL Injection (CVE-2022-25148)
An SQL injection vulnerability exists in WordPress WP Statistics Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
AlmaLinux 8 : postgresql:12 (ALSA-2021:5235)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5235 advisory. postgresql: memory disclosure in certain queries CVE-2021-3677 postgresql: server processes unencrypted bytes from man-in-the-middle CVE-2021-23214 Tenabl...
Important: cyrus-sasl
Issue Overview: A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges. CVE-2022-24407 Affected Packages: cyrus-sasl Issue Correction: Run...
Fortinet FortiWLM SQL injection vulnerability
Fortinet FortiWLC is a wireless LAN controller from Fortinet, Inc. An SQL injection vulnerability exists in Fortinet FortiWLC, which stems from insufficient cleaning of user-supplied data in the AP monitoring handler, and could be exploited to send specially crafted requests to affected...
CLSA-2022-1646061219 Fixed CVE-2022-24407 in cyrus-sasl
CVE-2022-24407: Fix failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands...
Ubuntu: Security Advisory (USN-5301-1)
The remote host is missing an update for the...
Cyrus Sasl SQL injection vulnerability
Cyrus Sasl is a simple authentication from the Cyrus Team that enables application developers to easily integrate authentication mechanisms into applications in a generic way. A SQL injection vulnerability exists in Cyrus SASL that stems from the Cyrus SASL SQL plugin incorrectly handling SQL input...
WordPress WP_Query SQL Injection (CVE-2022-21661)
An SQL injection vulnerability exists in WordPress WP_Query. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Sql injection
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusionreason parameter found in the /includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtai...
Emerson DeltaV SQL Injection (CVE-2012-1815)
SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
Rockwell (CVE-2015-6486)
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
SQL Injection
github.com/navidrome/navidrome is vulnerable to SQL injection. The vulnerability exists in OrderBy function of criteria.go due to not handling the conditional sql statements properly which allows a malicious attacker to inject and execute arbitrary SQL...
CVE-2021-41659
SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field...
CVE-2021-41472
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters...
CVE-2021-41471
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters...