48 matches found

RedhatCVE
added 2025/02/05 7:44 p.m. · 12 views

CVE-2022-48593

A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 7.7 · EPSS 0.00596 · Exploits 0

RedhatCVE
added 2025/02/05 7:42 p.m. · 6 views

CVE-2022-48596

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 7.7 · EPSS 0.00608 · Exploits 0

RedhatCVE
added 2025/02/05 7:42 p.m. · 10 views

CVE-2022-48604

A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 7.7 · EPSS 0.00608 · Exploits 0

OSV
added 2024/08/21 6:15 p.m. · 3 views

CVE-2024-42784

A SQL injection vulnerability in "/music/controller.php?page=viewmusic" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter...

CVSS 9.8 · AI score 6.1 · EPSS 0.00608 · Exploits 1 · References 2

BDU FSTEC
added 2023/10/29 12:0 a.m. · 3 views

The vulnerability of the /sysmanage/edit_manageadmin.php component in the DAR-7000 router microprogramming system allows an attacker to execute arbitrary SQL code.

The vulnerability of the /sysmanage/edit_manageadmin.php component in the DAR-7000 router microprogramming system is related to the lack of validation for the sequence of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVSS 10 · AI score 6.4 · EPSS 0.16748 · Exploits 1 · References 6 · Affected Software 1

Positive Technologies
added 2023/08/09 12:0 a.m. · 2 views

PT-2023-15858 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified)
Description: A SQL injection issue exists in the "json walker" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitrary SQL that i...

CVSS 8.8 · AI score 8.8 · EPSS 0.00608 · Exploits 0 · References 2

ATTACKERKB
added 2023/07/25 8:15 p.m. · 2 views

CVE-2022-46898

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

CVSS 9.8 · AI score 6.9 · EPSS 0.00683 · Exploits 0 · References 3

Vulnrichment
added 2023/04/18 10:35 p.m. · 8 views

CVE-2023-30605 Multiple SQL injections in sql/instance.py param_edit method in Archery - GHSL-2022-104

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py param_edit endpoint is...

CVSS 6.5 · AI score 7 · EPSS 0.00844 · Exploits 1 · References 2

Vulnrichment
added 2023/04/18 10:35 p.m. · 8 views

CVE-2023-30553 Multiple SQL injections in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-102

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sql_api/api_workflow.py endpoint ExecuteCheck. User input...

CVSS 6.5 · AI score 6.8 · EPSS 0.00835 · Exploits 1 · References 1

SUSE CVE
added 2023/02/15 5:0 a.m. · 14 views

SUSE CVE-2016-5843

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System OTRS allow remote attackers to execute arbitrary SQL commands via crafted search parameters...

CVSS 9.4 · AI score 8.8 · EPSS 0.03209 · Exploits 0 · References 3

CNNVD
added 2023/02/03 12:0 a.m. · 2 views

PbootCMS SQL Injection Vulnerability

PbootCMS is an open source enterprise building content management system CMS using PHP language developed by PbootCMS individual developers. A security vulnerability exists in PbootCMS version 3.0.5. An attacker can exploit the vulnerability to execute arbitrary SQL commands via a specially craft...

CVSS 9.8 · AI score 8 · EPSS 0.01257 · Exploits 1 · References 3

OSV
added 2023/01/01 8:15 a.m. · 23 views

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

CVSS 6.1 · AI score 6.1 · Exploits 0 · References 2

Prion
added 2023/01/01 8:15 a.m. · 19 views

Cross site scripting

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

CVSS 5.8 · AI score 6 · EPSS 0.0055 · Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/01/01 12:0 a.m. · 77 views

CVE-2022-37787

CVE-2022-37787 affects WeCube platform 3.2.2. A DOM XSS on the plugin database execution page is reported across multiple sources. The vulnerability allows client-side script execution via the page, with no documented exploitation details in the provided materials. A practical mitigation mentione...

CVSS 6.1 · AI score 6 · EPSS 0.0055 · Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2023/01/01 12:0 a.m. · 25 views

CVE-2022-37787

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page...

AI score 6.2 · EPSS 0.0055 · Exploits 1 · References 2

BDU FSTEC
added 2022/11/02 12:0 a.m. · 3 views

The vulnerability of the `include/chart_generator.php` script of the Pandora Console component, a monitoring and management system for IT environments in the Pandora FMS framework. This script allows attackers to bypass security restrictions and execute arbitrary SQL code.

The vulnerability of the include/chart_generator.php implementation of the Pandora Console component in the Pandora FMS monitoring and management system is related to the lack of measures taken to protect the SQL query structure during the processing of the sessionid parameter. Exploiting this...

CVSS 10 · AI score 8.2 · EPSS 0.1139 · Exploits 2 · References 8 · Affected Software 1

NVD
added 2022/10/12 12:15 p.m. · 6 views

CVE-2022-40871

Dolibarr ERP & CRM =15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval...

CVSS 9.8 · EPSS 0.33371 · Exploits 1 · References 1

Vulnrichment
added 2022/10/12 12:0 a.m. · 4 views

CVE-2022-40871

Dolibarr ERP & CRM =15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval...

AI score 9.8 · EPSS 0.33371 · Exploits 1 · References 1

0day.today
added 2022/06/27 12:0 a.m. · 679 views

Library Management System With QR Code 1.0 SQL Injection Vulnerability

Title: Library Management System with QR code Attendance 1.0 SQL Injection
Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184
Vendor: https://www.sourcecodester.com/users/kingbhob02
Software:...

AI score 1 · Exploits 0

CNNVD
added 2021/10/12 12:0 a.m. · 1 views

Siemens SINEC NMS SQL Injection Vulnerability

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks. A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...

CVSS 7.2 · AI score 6.3 · EPSS 0.01113 · Exploits 0 · References 5