Lucene search

13183 matches found

Prion
added 2019/07/03 5:15 p.m. | 7 views

Sql injection

SQL injection vulnerability in /wbg/core/includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbglogin parameter...

7.5 CVSS | 9.9 AI score | 0.02063 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2019/07/03 4:33 p.m. | 13 views

CVE-2017-18346

SQL injection vulnerability in /wbg/core/includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbglogin parameter...

10 AI score | 0.02063 EPSS
Exploits 1 | References 2

CVE
added 2019/06/30 3:0 p.m. | 74 views

CVE-2019-11821

Synology Photo Station is affected by a SQL injection in synophoto_csPhotoDB.php. The issue allows remote execution of arbitrary SQL commands via the type parameter and affects versions prior to 6.8.11-3489 and prior to 6.3-2977. Root cause: lack of validation of externally supplied SQL statement...

9.8 CVSS | 9.9 AI score | 0.0171 EPSS
Exploits 0 | References 1 | Affected Software 1

Node.js
added 2019/06/24 2:59 p.m. | 20 views

SQL Injection

Overview: Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 3.35.1 or later. References...

7.5 CVSS | 6.1 AI score | 0.01228 EPSS
Exploits 1 | Affected Software 1

NVD
added 2019/06/20 5:15 p.m. | 14 views

CVE-2018-16116

SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allows remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter...

8.8 CVSS | 8.9 AI score | 0.01873 EPSS
Exploits 0 | References 3

Veracode
added 2019/06/13 2:40 a.m. | 8 views

SQL Injection

resquel is vulnerable to SQL injection. A remote attacker is able to inject and execute arbitrary SQL statements in the application due to the lack of query parameters sanitization...

8.1 AI score
Exploits 0

NVD
added 2019/06/11 10:29 p.m. | 23 views

CVE-2019-12149

SQL injection vulnerability in silverstripe/restfulserver module 1.0.x before 1.0.9, 2.0.x before 2.0.4, and 2.1.x before 2.1.2 and silverstripe/registry module 2.1.x before 2.1.1 and 2.2.x before 2.2.1 allows attackers to execute arbitrary SQL commands...

9.8 CVSS | 9.9 AI score | 0.01355 EPSS
Exploits 0 | References 1

NVD
added 2019/06/11 5:29 p.m. | 19 views

CVE-2018-11801

SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a mcenter data related table...

9.8 CVSS | 9.9 AI score | 0.05217 EPSS
Exploits 0 | References 3

Cvelist
added 2019/06/05 5:37 p.m. | 20 views

CVE-2019-12196

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter...

10 AI score | 0.69071 EPSS
Exploits 0 | References 2

OpenVAS
added 2019/05/29 12:0 a.m. | 29 views

Cybozu Garoon 4.x <= 4.10.0 Multiple Vulnerabilities

Cybozu Garoon is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:cybozu:garoon"; if(description)...

6 AI score
Exploits 0 | References 1

Prion
added 2019/05/17 5:29 p.m. | 13 views

Sql injection

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands...

6.5 CVSS | 8.9 AI score | 0.01208 EPSS
Exploits 2 | References 3 | Affected Software 1

Prion
added 2019/05/16 1:29 a.m. | 23 views

Sql injection

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplie...

5.5 CVSS | 8.2 AI score | 0.01901 EPSS
Exploits 1 | References 2 | Affected Software 2

Vulnrichment
added 2019/05/16 1:10 a.m. | 15 views

CVE-2019-1824 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplie...

8.1 CVSS | 7.8 AI score | 0.01901 EPSS
Exploits 1 | References 2

Vulnrichment
added 2019/05/16 1:10 a.m. | 15 views

CVE-2019-1825 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exists because the software improperly validates user-supplie...

8.1 CVSS | 7.8 AI score | 0.01901 EPSS
Exploits 1 | References 2

Cisco
added 2019/05/15 4:0 p.m. | 53 views

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. These vulnerabilities exist because the software improperly validates...

8.1 CVSS | 1.2 AI score
Exploits 0 | References 1

NVD
added 2019/05/13 8:29 p.m. | 24 views

CVE-2019-11600

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access...

8.1 CVSS | 8.7 AI score | 0.79956 EPSS
Exploits 5 | References 5

Prion
added 2019/05/13 8:29 p.m. | 9 views

Sql injection

A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access...

6.8 CVSS | 8.6 AI score | 0.79956 EPSS
Exploits 5 | References 5 | Affected Software 1

Prion
added 2019/05/13 1:29 p.m. | 13 views

Sql injection

SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter...

7.5 CVSS | 9.9 AI score | 0.01135 EPSS
Exploits 1 | References 1 | Affected Software 1

NVD
added 2019/05/13 1:29 p.m. | 21 views

CVE-2018-12295

SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter...

9.8 CVSS | 10 AI score | 0.01135 EPSS
Exploits 1 | References 1

Veracode
added 2019/04/11 2:48 a.m. | 17 views

SQL Injection

sequelize is vulnerable to SQL injection when used with PostgreSQL. This is due to backslashes that are not being escaped properly in non-standard strings, allowing a remote attacker to inject and execute arbitrary SQL statements in the database...

7.5 CVSS | 8.2 AI score | 0.01823 EPSS
Exploits 0 | References 6 | Affected Software 1