13183 matches found
Invigo Automatic Device Management SQL Injection Vulnerability
Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A SQL injection vulnerability exists in /admin/displayerrors.php in Invigo Automat...
CVE-2020-10582
CVE-2020-10582 describes a SQL injection in Invigo Automatic Device Management (ADM) prior to or including version 5.0, affecting the script at /admin/display_errors.php. The underlying issue allows remote attackers to execute arbitrary SQL queries against the database, with potential data readin...
postgresql: Uncontrolled search path element in logical replication
A flaw was found in PostgreSQL, where it did not properly sanitize the searchpath during logical replication. This flaw allows an authenticated attacker to use this flaw in an attack similar to CVE-2018-1058 to execute an arbitrary SQL command in the user's context for replication. The highest...
CVE-2020-35337
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...
Sql injection
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands...
Sql injection
SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
Accellion FTA SQL injection (CVE-2021-27101)
An SQL injection vulnerability exists in Accellion FTA. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Online BookStore SQL Injection Vulnerability
Online BookStore is an online bookstore program. There is a sql injection vulnerability in Online Book Store v1.0. The vulnerability is caused by the id parameter in detail.php not filtering special characters, and an attacker can execute arbitrary SQL statements through this vulnerability...
Seat-Reservation-System SQL Injection Vulnerability
Seat-Reservation-System is a seat reservation system. A sql injection vulnerability exists in Seat-Reservation-System 1.0. The vulnerability is caused due to the id and file parameters in the index.php file not being input/output filtered for special characters. An attacker can exploit this...
Sourcecodester Seat-Reservation-System SQL注入漏洞
Seat-Reservation-System is a seat reservation system. A sql injection vulnerability exists in Seat-Reservation-System 1.0. The vulnerability is caused due to the id and file parameters in the index.php file not being input/output filtered for special characters. An attacker can exploit this...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID
Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the DOCID parameter on the TAktifBankObject operation GetOrder to inject arbitrary SQL statements into...
CVE-2020-29140
A SQL injection vulnerability in interface/reports/immunizationreport.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...
Sql injection
A second-order SQL injection issue in Widgets/TopDevicesController.php aka the Top Devices dashboard widget of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sortorder parameter against the /ajax/form/widget-settings endpoint...
The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a attacker to execute arbitrary SQL queries.
The vulnerability in the vManage web interface of the Cisco SD-WAN programmatically defined network is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
Ming-Soft MCMS SQL Injection (CVE-2020-23262)
An SQL injection vulnerability exists in Ming-Soft MCMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
Sql injection
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
Sql injection
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands...
CVE-2020-20296
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands...