12 matches found
GHSA-M6M4-34CJ-4HH7 MindSQL is vulnerable to Code Injection through its ask_db function
A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...
CVE-2026-4506
CVE-2026-4506 – Mindinventory MindSQL : A vulnerability in MindSQL up to version 0.2.1 affects the function ask_db in mindsql/core/mindsql_core.py. Manipulation of this function can lead to code injection. The attack is remote, and exploitation is publicly available. The vendor was contacted earl...
CVE-2024-55372
CVE-2024-55372 concerns Wallos
CVE-2025-0203
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. T...
PT-2024-17653 · WordPress · Wp Base Booking Of Appointments
Name of the Vulnerable Software and Affected Versions: WP BASE Booking of Appointments, Services and Events plugin for WordPress versions up to, and including, 4.9.2 Description: The issue is related to unauthorized access of data due to a missing capability check on the export db function. This...
PT-2024-8717 · Siemens · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V3.0 SP1 Description: A vulnerability has been identified in the affected application, which contains a database function that does not properly restrict the permissions of users to write to the filesystem of the...
mariadb: assertion failure in sql/item_func.cc
A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/item_func.cc:148, affecting availability...
SUSE CVE-2003-0025
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as checkprefs in db.pgsql, as demonstrated using mailbox.php3...
SUSE CVE-2007-0555
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service server crash and possibly access...
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.
...
Stellar Docs 1.2 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8385/info Stellar Docs will disclose path information in an error page in response to a request for an invalid request for a web resource. This could disclose information that could be useful in further attacks against th...
PT-2012-5484 · Pgbouncer · Pgbouncer
Name of the Vulnerable Software and Affected Versions: pgbouncer version 1.5.2 Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon outage. This is achieved by sending a request with a long database name to the add database function in objects.c...