8 matches found

CNNVD
• added 2022/04/13 12:0 a.m. • 2 views

Apache Superset SQL Injection Vulnerability

A SQL injection vulnerability exists in Apache Superset, a modern, industrial-grade Web application for Business Intelligence. An attacker can use this vulnerability to execute arbitrary SQL statements such as querying data, downloading data, writing to a webshell, executing system commands, and...

9.8 CVSS, 8.9 AI score, 0.04329 EPSS
Exploits: 0, References: 5
Positive Technologies
• added 2021/05/26 12:0 a.m. • 2 views

PT-2021-16927 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.26. Description: A missing token check causes a CSRF issue in data download endpoints in com_banners and com_sysinfo. This allows for potential exploitation. Recommendations: For Joomla! versions 3.0.0 throug...

6.5 CVSS, 7.3 AI score, 0.00007 EPSS
Exploits: 0, References: 6
NVD
• added 2020/12/22 10:15 p.m. • 13 views

CVE-2020-24677

Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data...

8.8 CVSS, 9 AI score, 0.01137 EPSS
Exploits: 0, References: 2
NVD
• added 2020/05/18 7:15 p.m. • 5 views

CVE-2020-13146

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course > Instructor > Cohorts may contain a formula that is exported via the "Course > Data Downloads > Reports > Download profile info" feature...

8.8 CVSS, 8.8 AI score, 0.00444 EPSS
Exploits: 1, References: 1
Prion
• added 2020/05/18 7:15 p.m. • 7 views

Input validation

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course > Instructor > Cohorts may contain a formula that is exported via the "Course > Data Downloads > Reports > Download profile info" feature...

6.8 CVSS, 8.7 AI score, 0.00444 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
• added 2020/05/18 6:24 p.m. • 8 views

CVE-2020-13146

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course > Instructor > Cohorts may contain a formula that is exported via the "Course > Data Downloads > Reports > Download profile info" feature...

8.8 AI score, 0.00444 EPSS
Exploits: 1, References: 1
Debian CVE
• added 2020/02/03 11:59 a.m. • 40 views

CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...

9.8 CVSS, 9.1 AI score, 0.1537 EPSS
Exploits: 9
Cvelist
• added 2019/09/17 2:21 p.m. • 25 views

CVE-2016-10983

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data...

6.6 AI score, 0.00558 EPSS
Exploits: 1, References: 2