SQL Injection
github.com/square/squalor is vulnerable to SQL injection. The vulnerability exists due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...
CVE-2022-43437
The Download function parameter of EasyTest has insufficient validation of user input. A remote attacker authenticated as a general user can inject arbitrary SQL commands to access, modify or delete database...
CVE-2022-39041
aEnrich a+HRD has insufficient user input validation for a specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...
SQL Injection
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution...
CVE-2022-46763
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code...
Design/Logic Flaw
An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LMAPI/api/SelectionService/GetPaggedTab...
CVE-2022-45889
Planet eStream before 6.72.10.07 allows a remote attacker who is a publisher or admin to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search, specifically the StatisticsResults.aspx flt parameter...
PT-2022-27667 · Unknown · Planet Estream
Name of the Vulnerable Software and Affected Versions: Planet eStream versions prior to 6.72.10.07
Description: The issue allows a remote attacker, who is a publisher or admin, to obtain access to all records stored in the database and execute arbitrary SQL commands via Search, specifically throu...
CVE-2021-31650
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter...
Online Grading System SQL Injection Vulnerability
Sourcecodester Online Grading System is a student information management system. The system provides functions such as student information management and online grading. A security vulnerability exists in Online Grading System version 1.0, which is caused by a uname parameter that allows remote...
SQL Injection
cubejs-backend/api-gateway is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the /v1/sql-runner endpoint allows a malicious authenticated user to inject and execute arbitrary SQL queries on the target system...
Senayan Library Management System 9.0.0 SQL Injection
Title: Senayan Library Management System v9.0.0 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Date: 11.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.0.0/slims9bulian-9.0.0.zip Reference:...
CVE-2022-45931
A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. This may allow a malicious user to execute arbitrary SQL...
CVE-2022-45932
A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. This may allow a malicious user to execute arbitrary SQL...
CVE-2022-45930
A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. This may allow a malicious user to execute arbitrary SQL...
SQL Injection
silverstripe/framework is vulnerable to SQL Injection. The vulnerability exists in the getManipulatedData function in GridFieldSortableHeader.php, where an attacker with CMS access could execute arbitrary SQL statements...
GHSA-RR8H-F97Q-8P9C Blind SQL Injection via GridFieldSortableHeader
Gridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability. An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the GridField state...
WordPress plugin My wpdb Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
ZEROF Web Server SQL Injection (CVE-2022-25322)
An SQL injection vulnerability exists in ZEROF Web Server. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...