Lucene search

21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-6519

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00245
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/22 10:36 p.m. | 3 views

CVE-2022-27360

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment...

CVSS 9.8 | AI score 8.3 | EPSS 0.00625
Exploits: 1 | References: 1
GithubExploit
added 2025/04/18 5:24 p.m. | 274 views

Exploit for CVE-2024-42327

🛡️ Zabbix 7.0.0 SQL Injection Exploit Script A Python script...

CVSS 9.9 | AI score 10 | EPSS 0.91398
Exploits: 13
OSV
added 2025/03/14 8:15 a.m. | 2 views

CVE-2024-13321

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'customsql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handlegetstats function. This makes it possible for unauthenticated attackers to append additional SQL...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2
CNNVD
added 2025/03/14 12:0 a.m. | 2 views

WordPress plugin AnalyticsWP SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 9.8 | AI score 9.2 | EPSS 0.00159
Exploits: 0 | References: 4
Cvelist
added 2024/04/10 1:17 a.m. | 11 views

CVE-2023-50347 Insecure SQL Interface affects HCL DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by an insecure SQL interface vulnerability, potentially giving an attacker the ability to execute custom SQL queries. A malicious user can run arbitrary SQL commands including changing system configuration...

CVSS 3.7 | AI score 5.5 | EPSS 0.00422
Exploits: 0 | References: 1
CNNVD
added 2024/04/10 12:0 a.m. | 2 views

HCL Technologies DRYiCE MyXalytics security vulnerability

HCL Technologies DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE MyXalytics. An attacker exploiting the vulnerability is able to execute custom SQL queries...

CVSS 9.8 | AI score 7.5 | EPSS 0.00422
Exploits: 0 | References: 2
OSV
added 2023/11/02 10:4 p.m. | 33 views

GO-2023-2162 SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin

A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection...

CVSS 8.8 | AI score 6.4 | EPSS 0.00327
Exploits: 0 | References: 1
OSV
added 2023/10/30 6:1 p.m. | 13 views

CVE-2023-41891 FlyteAdmin SQL Injection in List Filters

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

CVSS 3.5 | AI score 8.8 | EPSS 0.00327
Exploits: 0 | References: 5
Veracode
added 2023/10/30 9:15 a.m. | 16 views

SQL Injection

github.com/flyteorg/flyteadmin is vulnerable to SQL Injection. The vulnerability exists because the custom SQL statements are not properly handled, which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 8.8 | AI score 8.1 | EPSS 0.00327
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2023/10/27 5:39 p.m. | 32 views

Flyte Admin SQL Injection in List Filters

Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...

CVSS 8.8 | AI score 7.4 | EPSS 0.00327
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2023/10/27 5:39 p.m. | 17 views

GHSA-R847-6W6H-R8G4 Flyte Admin SQL Injection in List Filters

Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...

CVSS 3.5 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 5
Vulnrichment
added 2023/06/17 12:0 a.m. | 11 views

CVE-2023-35811

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...

AI score 8.2 | EPSS 0.00292
Exploits: 2 | References: 3
OSV
added 2022/05/24 5:5 p.m. | 35 views

GHSA-FGJ8-93XX-F6G6 phpMyAdmin SQL injection in user accounts page

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...

CVSS 8.8 | AI score 8.7 | EPSS 0.2219
Exploits: 4 | References: 8
Rapid7 Blog
added 2021/12/06 3:23 p.m. | 18 views

InsightCloudSec Supports 12 New AWS Services Announced at re:Invent

In case you didn’t hear, Amazon hosted AWS re:Invent in Las Vegas last week. As has come to be expected at the annual mega-event, Amazon made a number of huge announcements and launched a significant number of improvements and brand-new services and settings to enhance their public cloud platform...

AI score 7.5
Exploits: 0
Prion
added 2020/01/09 10:15 p.m. | 19 views

SQL injection

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server...

CVSS 6.5 | AI score 8.7 | EPSS 0.2219
Exploits: 4 | References: 4 | Affected Software: 3
OSV
added 2019/08/23 6:15 p.m. | 9 views

CVE-2019-15535

Tasking Manager before 3.4.0 allows SQL Injection via custom SQL...

CVSS 9.8 | AI score 8.5
Exploits: 0 | References: 2
Prion
added 2019/08/23 6:15 p.m. | 10 views

SQL injection

Tasking Manager before 3.4.0 allows SQL Injection via custom SQL...

CVSS 7.5 | AI score 9.8 | EPSS 0.00245
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2015/02/05 12:0 a.m. | 94 views

Magento Server MAGMI Plugin - Multiple Vulnerabilities

Exploit Title: Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting | Software Link: http://sourceforge.net/projects/magmi/ | Author: SECUPENT | Website: www.secupent.com | Email: researchatsecupentdotcom | Date: 5-2-2015 | Exploit Local file inclusion :...

AI score 7
Exploits: 0
0day.today
added 2007/05/10 12:0 a.m. | 135 views

Thyme Calendar 1.3 Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. Thyme Calendar 1.3 Remote SQL Injection Vulnerability. Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord...

AI score 7.1
Exploits: 0