13183 matches found

Prion
added 2021/05/20 2:15 a.m. | 15 views

Sql injection

SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to execute arbitrary SQL commands and to obtain/alter the information stored in the database via unspecified vectors...

CVSS 7.5 | AI score 9.7 | EPSS 0.01317
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2021/05/14 12:0 a.m. | 8 views

KonaWiki SQL Injection Vulnerability

KonaWiki is a lightweight Wiki system. The system is primarily used for writing manuscripts, keeping minutes and memos, etc. A SQL injection vulnerability exists in KonaWiki2 prior to version 2.2.4. The vulnerability stems from the program not performing sufficient cleansing of user-supplied data...

CVSS 9.8 | AI score 8.4 | EPSS 0.01317
Exploits 0 | References 1

Veracode
added 2021/05/10 4:41 a.m. | 21 views

SQL Injection

storage-jdbc-hikaricp-plugin is vulnerable to SQL injection. The wildcard query cases when using H2/MySQL/TiDB allows an attacker to inject and execute arbitrary SQL statements...

CVSS 9.8 | AI score 4.6 | EPSS 0.33478
Exploits 0 | References 5 | Affected Software 1

Github Security Blog
added 2021/05/06 6:53 p.m. | 61 views

SQL Injection in librenms

A second-order SQL injection issue in Widgets/TopDevicesController.php aka the Top Devices dashboard widget of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sortorder parameter against the /ajax/form/widget-settings endpoint...

CVSS 8.8 | AI score 9.4 | EPSS 0.0234
Exploits 1 | References 7 | Affected Software 1

RedHat Linux
added 2021/05/06 10:48 a.m. | 2 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 8.8 | AI score 7.4 | EPSS 0.4644
Exploits 0 | References 6

RedHat Linux
added 2021/05/06 10:48 a.m. | 3 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

CVSS 8.8 | AI score 7.4 | EPSS 0.0217
Exploits 0 | References 5

Check Point Advisories
added 2021/05/05 12:0 a.m. | 2 views

TikiWiki Project SQL Injection (CVE-2004-1925)

An SQL injection vulnerability exists in TikiWiki Project. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

CVSS 7.5 | AI score 3.3 | EPSS 0.01212
Exploits 3

Prion
added 2021/04/29 4:15 p.m. | 20 views

Sql injection

SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/productadd.php...

CVSS 6.5 | AI score 7.5 | EPSS 0.01308
Exploits 1 | References 1 | Affected Software 1

OSV
added 2021/04/28 6:15 a.m. | 21 views

CVE-2021-31856

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...

CVSS 9.8 | AI score 8.6
Exploits 0 | References 2

Check Point Advisories
added 2021/04/28 12:0 a.m. | 3 views

Online Reviewer System SQL Injection (CVE-2021-27130)

An SQL injection vulnerability exists in Online Reviewer System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 | AI score 5.8 | EPSS 0.02231
Exploits 1

Check Point Advisories
added 2021/04/25 12:0 a.m. | 4 views

OpenClinic GA SQL Injection (CVE-2020-27233; CVE-2020-27234; CVE-2020-27235; CVE-2020-27236; CVE-2020-27237; CVE-2020-27238; CVE-2020-27239; CVE-2020-27240)

An SQL injection vulnerability exists in OpenClinic GA. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 | AI score 5.4 | EPSS 0.00876
Exploits 8

CNVD
added 2021/04/15 12:0 a.m. | 7 views

Devolutions Server SQL Injection Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1 and Devolutions Server LTS versions prior to 2020.3.18, which can be...

CVSS 7.2 | AI score 8.4 | EPSS 0.00837
Exploits 0 | References 1

OSV
added 2021/04/14 8:15 p.m. | 2 views

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...

CVSS 7.2 | AI score 7.3 | EPSS 0.00837
Exploits 0 | References 1

NVD
added 2021/04/14 8:15 p.m. | 10 views

CVE-2021-28157

An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...

CVSS 7.2 | EPSS 0.00837
Exploits 0 | References 1

Prion
added 2021/04/09 6:15 p.m. | 18 views

Sql injection

SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...

CVSS 7.5 | AI score 10 | EPSS 0.01862
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2021/04/09 5:51 p.m. | 18 views

CVE-2020-23763

SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication...

AI score 10 | EPSS 0.01862
Exploits 1 | References 2

CVE
added 2021/04/09 5:51 p.m. | 53 views

CVE-2020-23763

The CVE-2020-23763 entry corresponds to a SQL injection vulnerability in Online Book Store 1.0, specifically in admin.php, that allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is corroborated by multiple connected sources (e.g., Red Hat advisory, CNVD, CV...

CVSS 9.8 | AI score 10 | EPSS 0.01862
Exploits 1 | References 2 | Affected Software 1

CNVD
added 2021/04/06 12:0 a.m. | 6 views

Knowage SQL Injection Vulnerability

Knowage is a suite of open source tools for modern business analytics. A SQL injection vulnerability exists in the documentexecution/url analysis driver component of Knowage prior to version 7.4 when running reports. An attacker can exploit this vulnerability to execute arbitrary SQL commands on ...

CVSS 8.8 | AI score 8.3 | EPSS 0.01602
Exploits 1 | References 1

CNNVD
added 2021/04/01 12:0 a.m. | 6 views

Rockwell Automation FactoryTalk AssetCentre SQL Injection Vulnerability

Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An SQL injection vulnerability exists in Rockwell Automation FactoryTal...

CVSS 10 | AI score 6.3 | EPSS 0.03346
Exploits 0 | References 5

Veracode
added 2021/03/30 7:17 a.m. | 17 views

SQL Injection

fluidtypo3/vhs is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements via isLanguageViewHelper in the vhs extension...

CVSS 9.8 | AI score 5.2 | EPSS 0.01039
Exploits 0 | References 2 | Affected Software 1