
13183 matches found

Prion
added 2020/04/15 3:15 p.m. | 15 views

Sql injection

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...

7.5 CVSS | 9.9 AI score | 0.01486 EPSS
Exploits 0 | References 2 | Affected Software 1

Check Point Advisories
added 2020/04/08 12:0 a.m. | 12 views

Oracle E-Business Suite SQL Injection (CVE-2020-2586; CVE-2020-2587)

An SQL injection vulnerability exists in Oracle E-Business Suite. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements with the privileges of the APPS database user...

6.5 CVSS | 4.4 AI score | 0.01508 EPSS
Exploits 0

Prion
added 2020/04/03 7:15 p.m. | 11 views

Sql injection

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...

7.5 CVSS | 9.8 AI score | 0.02935 EPSS
Exploits 1 | References 2 | Affected Software 1

EUVD
added 2020/04/03 6:36 p.m. | 3 views

EUVD-2020-29485

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the nodeid parameter...

9.8 CVSS | 10 AI score | 0.02935 EPSS
Exploits 1 | References 2

NVD
added 2020/03/31 7:15 p.m. | 10 views

CVE-2020-5292

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...

8.8 CVSS | 9 AI score | 0.01405 EPSS
Exploits 0 | References 3

OSV
added 2020/03/31 7:15 p.m. | 14 views

CVE-2020-5292

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and...

8.8 CVSS | 8.3 AI score
Exploits 0 | References 3

CNVD
added 2020/03/31 12:0 a.m. | 3 views

Grandstream UCM6200 SQL Injection Vulnerability (CNVD-2020-20680)

The Grandstream UCM6200 is an enterprise-class switch for IP telephony communications from Grandstream. A SQL injection vulnerability exists in the Grandstream UCM6200 series prior to version 1.0.20.22. The vulnerability stems from a database-based application that lacks validation of externally...

7.5 CVSS | 8.1 AI score | 0.11875 EPSS
Exploits 3

Cvelist
added 2020/03/27 3:50 a.m. | 15 views

CVE-2020-3936 Unisoon UltraLog Express - SQL Injection

UltraLog Express device management interface does not properly filter user-inputted strings in some specific parameters; attackers can inject arbitrary SQL command...

10 CVSS | 9.7 AI score | 0.01249 EPSS
Exploits 0 | References 1

Vulnrichment
added 2020/03/27 3:50 a.m. | 9 views

CVE-2020-3936 Unisoon UltraLog Express - SQL Injection

UltraLog Express device management interface does not properly filter user-inputted strings in some specific parameters; attackers can inject arbitrary SQL command...

10 CVSS | 9.7 AI score | 0.01249 EPSS
Exploits 0 | References 1

RedHat Linux
added 2020/03/26 12:30 p.m. | 3 views

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function...

8.8 CVSS | 7.4 AI score | 0.0217 EPSS
Exploits 0 | References 5

OSV
added 2020/03/25 3:15 p.m. | 1 view

CVE-2019-19127

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...

8.1 CVSS | 7.5 AI score | 0.01252 EPSS
Exploits 1 | References 2

Prion
added 2020/03/25 3:15 p.m. | 19 views

Authentication flaw

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. Thi...

6.8 CVSS | 8.7 AI score | 0.01252 EPSS
Exploits 1 | References 2

CNVD
added 2020/03/25 12:0 a.m. | 2 views

Samsung Mobile Device SQL Injection Vulnerability (CNVD-2020-32868)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. Samsung mobile devices suffer from a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL queries with the help of specially crafted SQL statements...

7.8 CVSS | 8.2 AI score | 0.00168 EPSS
Exploits 0 | References 1

CNVD
added 2020/03/25 12:0 a.m. | 3 views

Samsung Mobile Device SQL Injection Vulnerability (CNVD-2020-31556)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. Samsung mobile devices suffer from a SQL injection vulnerability that can be exploited by attackers to execute arbitrary SQL queries with the help of specially crafted SQL statements...

7.8 CVSS | 8.2 AI score | 0.00166 EPSS
Exploits 0 | References 1

Veracode
added 2020/03/23 8:14 a.m. | 30 views

SQL Injection

phpmyadmin/phpmyadmin is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements to insert malicious values containing Javascript into the database. When displayed in a user's browser, the Javascript executes in the context of the user...

5.4 CVSS | 3.7 AI score | 0.01593 EPSS
Exploits 0 | References 11 | Affected Software 2

BDU FSTEC
added 2020/03/20 12:0 a.m. | 5 views

The vulnerability of the ABB eSOMS software for managing production processes, related to input validation errors, allows a perpetrator to execute arbitrary SQL queries against the database of the vulnerable application.

The vulnerability of the ABB eSOMS software for managing production processes is related to input validation errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary SQL queries against the database of the vulnerable application...

9 CVSS | 7.6 AI score | 0.00935 EPSS
Exploits 0 | References 3 | Affected Software 1

Hacker One
added 2020/03/10 4:14 p.m. | 22 views

QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"

Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the ID parameter to inject arbitrary SQL statements into the underlying prepared statement. This leads ...

0.8 AI score
Exploits 0

NVD
added 2020/03/05 1:15 p.m. | 13 views

CVE-2019-20107

Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allow remote authenticated users to execute arbitrary SQL commands via the (1) tprojectid parameter to keywordsView.php; the (2) reqspecid parameter to reqSpecCompareRevisions.php; the (3) requirementid parameter to...

8.8 CVSS | 9.1 AI score | 0.01964 EPSS
Exploits 0 | References 9

Cvelist
added 2020/03/05 12:50 p.m. | 11 views

CVE-2019-20107

Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allow remote authenticated users to execute arbitrary SQL commands via the (1) tprojectid parameter to keywordsView.php; the (2) reqspecid parameter to reqSpecCompareRevisions.php; the (3) requirementid parameter to...

9.2 AI score | 0.01964 EPSS
Exploits 0 | References 9

Veracode
added 2020/03/05 5:52 a.m. | 33 views

SQL Injection

django is vulnerable to SQL injection. Lack of adequate validation and sanitization of the tolerance parameter allows an attacker to inject and execute arbitrary SQL statements in the database...

8.8 CVSS | 4.3 AI score | 0.22513 EPSS
Exploits 0 | References 14 | Affected Software 4