19 matches found

RedhatCVE
added 2026/03/26 3:19 p.m. · 1 view

CVE-2025-52646

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

CVSS 5.3 · AI score 6 · EPSS 0.00147
Exploits: 0 · References: 1

RedhatCVE
added 2026/02/22 1:28 a.m. · 5 views

CVE-2019-25451

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

CVSS 8.8 · AI score 5.3 · EPSS 0.00319
Exploits: 1 · References: 1

Vulnrichment
added 2026/02/20 10:57 p.m. · 7 views

CVE-2019-25451 phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

CVSS 8.8 · AI score 5.2 · EPSS 0.00319
Exploits: 1 · References: 3

Positive Technologies
added 2026/02/20 12:00 a.m. · 4 views

PT-2026-21320

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collectio...

CVSS 5.3 · AI score 5.3 · EPSS 0.00319
Exploits: 1 · References: 4

OSV
added 2025/10/18 7:15 a.m. · 4 views

CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to __return_true. This makes it...

CVSS 6.5 · AI score 5.6
Exploits: 0 · References: 7

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2011-4990

Malware in sbrugna...

CVSS 6.4 · AI score 6.4 · EPSS 0.01301
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2003-0651

Malware in sbrugna...

CVSS 7.5 · AI score 6.1 · EPSS 0.01231
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-28901

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00309
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/21 9:02 p.m. · 4 views

CVE-2003-0657

Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions...

CVSS 7.5 · AI score 8.1 · EPSS 0.01231
Exploits: 0 · References: 1

CNNVD
added 2024/11/15 12:00 a.m. · 2 views

WordPress plugin External Database Based Actions security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...

CVSS 8.8 · AI score 8.4 · EPSS 0.00433
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/15 12:00 a.m. · 1 view

PT-2024-16178 · WordPress · External Database Based Actions

Name of the Vulnerable Software and Affected Versions: External Database Based Actions plugin for WordPress version 0.1 and earlier Description: The issue is due to a missing capability check in the edba admin handle function, allowing authenticated attackers with subscriber-level permissions and...

CVSS 8.8 · AI score 9.2 · EPSS 0.00433
Exploits: 0 · References: 10

CNNVD
added 2024/10/04 12:00 a.m. · 3 views

CADClick security vulnerability

CADClick is a software solution from CADClick, Inc. that creates interactive catalogs of 2D/3D CAD data for individual customer CAD catalogs. A security vulnerability exists in CADClick v1.11.0 and earlier versions that stems from the presence of a SQL injection vulnerability that allows remote...

CVSS 8.8 · AI score 8.5 · EPSS 0.00654
Exploits: 1 · References: 4

NVD
added 2014/06/08 4:31 a.m. · 17 views

CVE-2014-2508

EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints...

CVSS 7.5 · AI score 6.5 · EPSS 0.02474
Exploits: 0 · References: 6

Prion
added 2012/05/24 12:55 a.m. · 16 views

Authentication flaw

GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) modrewrite.php, (2) commentwriteok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary...

CVSS 6.4 · AI score 7.5 · EPSS 0.01301
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2012/05/24 12:00 a.m. · 5 views

PT-2012-2068 · Gr Board · Gboard

Name of the Vulnerable Software and Affected Versions: GR Board aka grboard version 1.8.6.5 Community Edition Description: The issue allows remote attackers to modify or delete data without requiring authentication for certain database actions. This can be achieved by sending a request to specifi...

CVSS 6.4 · AI score 7 · EPSS 0.01301
Exploits: 1 · References: 3

exploitpack
added 2004/12/15 12:00 a.m. · 15 views

IWebNegar - Multiple SQL Injections

IWebNegar - Multiple SQL Injections source: https://www.securityfocus.com/bid/11946/info iWebNegar is reported prone to multiple SQL injection vulnerabilities, these issues exist due to a lack of sufficient boundary checks performed on user-supplied URI parameter data. These issues could...

AI score 8.1
Exploits: 0

CVE
added 2003/08/14 4:00 a.m. · 52 views

CVE-2003-0657

CVE-2003-0657 covers multiple SQL injection vulnerabilities in the infolog module of phpgroupware

CVSS 7.5 · AI score 7.6 · EPSS 0.01231
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2003/08/14 4:00 a.m. · 17 views

CVE-2003-0657

Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions...

AI score 7.5 · EPSS 0.01231
Exploits: 0 · References: 1

Cvelist
added 2003/03/18 5:00 a.m. · 17 views

CVE-2002-1499

Multiple SQL injection vulnerabilities in FactoSystem CMS allow remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in...

AI score 7.8 · EPSS 0.02479
Exploits: 1 · References: 5