13184 matches found

Cvelist
added 2023/04/28 12:0 a.m. | 14 views

CVE-2023-26781

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -Reader Comments -Search...

AI score: 10 | EPSS: 0.0098
Exploits: 1 | References: 1

Vulnrichment
added 2023/04/28 12:0 a.m. | 8 views

CVE-2023-26781

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -Reader Comments -Search...

AI score: 9.8 | EPSS: 0.0098
Exploits: 1 | References: 1

Veracode
added 2023/04/06 12:7 p.m. | 30 views

SQL Injection

github.com/hashicorp/vault is vulnerable to SQL Injection. The vulnerability exists in mssql.go due to improper validation of parameters such as schema, database, and table which allows an attacker to inject and execute arbitrary sql queries...

CVSS: 6.7 | AI score: 7.1 | EPSS: 0.00378
Exploits: 0 | References: 10 | Affected Software: 1

Prion
added 2023/04/05 2:15 p.m. | 17 views

Sql injection

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer...

CVSS: 7.5 | AI score: 9.9 | EPSS: 0.0121
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/04/05 12:0 a.m. | 18 views

CVE-2023-25330

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...

AI score: 10 | EPSS: 0.0121
Exploits: 1 | References: 2

Vulnrichment
added 2023/04/05 12:0 a.m. | 15 views

CVE-2023-25330

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...

AI score: 8.8 | EPSS: 0.0121
Exploits: 1 | References: 2

0day.today
added 2023/03/24 12:0 a.m. | 161 views

Online Graduate Tracer System - Multiple SQL injection Vulnerabilities

A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System allows remote unauthenticated attackers to execute remote arbitrary SQL commands through "age" parameter. Description A Blind SQL injection vulnerability in the fill-in forms of Online Graduate Tracer System...

AI score: 9
Exploits: 0

Cvelist
added 2023/03/20 12:47 p.m. | 23 views

CVE-2023-28424 Soko SQL Injection vulnerability

Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...

CVSS: 9.1 | AI score: 10 | EPSS: 0.0115
Exploits: 0 | References: 3

OSV
added 2023/03/20 12:47 p.m. | 17 views

CVE-2023-28424 Soko SQL Injection vulnerability

Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...

CVSS: 9.1 | AI score: 9.9 | EPSS: 0.0115
Exploits: 0 | References: 5

Cvelist
added 2023/03/14 9:32 a.m. | 25 views

CVE-2023-27463

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.00805
Exploits: 0 | References: 1

Hacker One
added 2023/03/06 5:55 p.m. | 34 views

HackerOne: SQL Injection in CVE Discovery Search

Unsanitized user-controlled inputs in the CVE Discovery Search allowed for SQL injection, which could lead to the disclosure of data in the Analytics Database, including report, team, and asset data...

AI score: 7.6
Exploits: 0

BDU FSTEC
added 2023/03/06 12:0 a.m. | 4 views

The vulnerability of the microprogrammed network interface controllers from SonicWall, models SMA 210, SMA 410, SMA 500v, allows attackers to execute arbitrary SQL queries.

The vulnerability of SonicWall’s SMA 210, SMA 410, and SMA 500v network firewall microprogramming systems lies in the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS: 10 | AI score: 8.2 | EPSS: 0.30084
Exploits: 0 | References: 3 | Affected Software: 3

NVD
added 2023/02/25 2:15 a.m. | 22 views

CVE-2023-26037

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.00607
Exploits: 0 | References: 1

Cvelist
added 2023/02/25 1:18 a.m. | 32 views

CVE-2023-26037 ZoneMinder contains SQL Injection via report_event_audit

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute...

CVSS: 8.9 | AI score: 9.7 | EPSS: 0.00607
Exploits: 0 | References: 1

Debian CVE
added 2023/02/25 1:18 a.m. | 23 views

CVE-2023-26037

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00607
Exploits: 0

NVD
added 2023/02/25 1:15 a.m. | 19 views

CVE-2023-26034

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

CVSS: 9.6 | AI score: 9.9 | EPSS: 0.01579
Exploits: 1 | References: 1

NVD
added 2023/02/25 1:15 a.m. | 27 views

CVE-2023-26032

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious JSON web token. The Username field of the JWT token was trusted when performing an SQL...

CVSS: 8.9 | AI score: 9 | EPSS: 0.0062
Exploits: 0 | References: 1

Vulnrichment
added 2023/02/25 12:58 a.m. | 7 views

CVE-2023-26034 ZoneMinder SQL Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...

CVSS: 9.6 | AI score: 10 | EPSS: 0.01579
Exploits: 1 | References: 1

Vulnrichment
added 2023/02/25 12:0 a.m. | 6 views

CVE-2023-26550

A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field...

AI score: 10 | EPSS: 0.00752
Exploits: 1 | References: 1

CVE
added 2023/02/25 12:0 a.m. | 78 views

CVE-2023-26550

CVE-2023-26550 affects BMC Control-M prior to 9.0.20.214. The vulnerability is a SQL injection in the memname JSON field that allows an attacker to execute arbitrary SQL commands. The issue is documented with a high severity (CVSS v3.1: 9.8/CRITICAL, network vector, no user interaction, no privil...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.00752
Exploits: 1 | References: 1 | Affected Software: 1