4670 matches found
Sql injection
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1...
CVE-2023-45162
CVE-2023-45162 affects 1E Platform versions 8.1.2–9.0.1 (SaaS on 23.7.1+ auto-patches). The vulnerability is a Blind SQL Injection that can lead to arbitrary code execution. Root cause is the inability to properly neutralize SQL constructs in affected paths, per multiple sources. Impact is rated ...
CVE-2023-45162 Blind SQL vulnerability in 1E platform
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1...
CVE-2023-45162 Blind SQL vulnerability in 1E platform
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1...
CVE-2023-38221 Adobe Commerce | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead in arbitrary code execution by an admin-privileg...
Sql injection
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter...
CVE-2023-4037
CVE-2023-4037 affects Setelsa Security ConacWin CB 3.7.1.2. A blind SQL injection in the Conacwin web interface allows a local attacker to obtain sensitive data by sending a specially crafted SQL query to the xml parameter. The vulnerability targets the web interface component, with impact to con...
CVE-2023-5004 Hospital-management-system-in-php 378c157 - Blind SQL Injection
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI...
Color Prediction Game v1.0 - SQL Injection
Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...
CVE-2023-3864
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal...
Sql injection
Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal...
CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
CVE-2023-22378
Nozomi Networks Guardian and CMC (Nozomi Guardian/CMC) are affected by CVE-2023-22378, a blind SQL Injection vulnerability caused by improper input validation in the sorting parameter. The issue allows an authenticated attacker to execute arbitrary SQL on the target DBMS, with potential to exfilt...
Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2
Summary A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alertscount component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Impact Authenticated users may be able to...
PT-2023-19053 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: A blind SQL Injection vulnerability, due to improper input validation in the alerts count component, allows an authenticated attacker to execute arbitrary SQL...
PT-2023-5524 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: A blind SQL Injection issue exists due to improper input validation in the sorting parameter, allowing an authenticated attacker to execute arbitrary SQL statements...
CVE-2023-3983
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection to perform blind SQL injection...
CVE-2023-3983
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection to perform blind SQL injection...
U.S. Dept Of Defense: Blind Sql Injection in https://█████/qsSearch.aspx
A blind SQL injection vulnerability was discovered in the qsSearch.aspx page of the application. An attacker could exploit this vulnerability to bypass authentication and retrieve sensitive information from the database. The vulnerability has been mitigated by implementing appropriate security...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...