EasyVirt DC Scope和EasyVirt CO2 Scope 安全漏洞

EasyVirt DC Scope and EasyVirt CO2 Scope are both products of the French company EasyVirt.EasyVirt DC Scope is a monitoring and management solution for VMware Virtualization VMware.EasyVirt CO2 Scope is a real-time monitoring and control solution for IT services, virtual machines and servers in...

Amazon Linux 2 : postgresql (ALAS-2025-2733)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2733 advisory. Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL...

CVE-2025-23218

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarespecie.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands ...

Exploit for SQL Injection in Microsoft

CVE-2024-43468 SCCM SQL Injection Exploit mTLS client certs f...

CVE-2023-42243

In Selesta Visual Access Manager 4.42.2, an authenticated user can access the administrative page /common/vamSql.php, which allows for arbitrary SQL queries...

ROS-20250109-04

Vulnerability of the Fields plug-in of the GLPI system of requests, incidents and inventory of computer equipment is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow An attacker acting remotely could execute arbitrary SQL code...

WordPress plugin WPMU Prefill Post SQL注入漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists in WordPress plugin WPMU Prefill Post version 1.02 and earlier...

SQL Injection

Django is vulnerable to SQL injection. The vulnerability exists due to the improper handling of untrusted data in the django.db.models.fields.json.HasKey lookup when used with an Oracle database, allowing attackers to execute arbitrary SQL commands...

SQL Injection

github.com/apache/trafficcontrol is vulnerable to SQL Injection. The vulnerability is due to improper input validation in Traffic Ops, allowing a privileged user with roles such as "admin," "federation," "operations," "portal," or "steering" to execute arbitrary SQL queries through...

Trellix Data Loss Prevention SQL注入漏洞

Trellix Data Loss Prevention Trellix DLP is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. Trellix Data Loss Prevention Trellix DLP version 11.11.1.3 suffers from a SQL injectio...

CVE-2024-54811

A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter...

CVE-2024-54811

PHPGurukul Park Ticketing Management System v1.0 is affected by a SQL injection in /index.php via the login parameter. Root cause, per connected sources, is lack of input validation/external SQL handling, enabling execution of arbitrary SQL commands. Affected component: /index.php in PHPGurukul P...

CVE-2024-54811

A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter...

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVE-2024-11773

Ivanti Cloud Security Appliance (CSA) admin web console prior to 5.0.3 is affected by a SQL injection that can be exploited by a remote authenticated attacker with admin privileges to execute arbitrary SQL statements. The issue is confirmed in CVE-2024-11773; affected product/version is CSA befor...

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVE-2024-11773

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements...

CVE-2024-54921

A SQL Injection was found in /studentsignup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and classid parameters...

CVE-2024-54923

A SQL Injection vulnerability was found in /admin/editteacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter...

CVE-2024-54931

A SQL Injection was found in /admin/deleteevent.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter...