
358 matches found

OSV
added 2024/10/14 3:15 a.m. | 0 views

CVE-2024-9921

Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents...

CVSS: 9.8 | AI score: 6 | EPSS: 0.01056
Exploits: 0 | References: 2

OSV
added 2024/09/09 8:15 p.m. | 0 views

CVE-2024-6796

In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content...

CVSS: 9.1 | AI score: 5.7
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/09 7:24 p.m. | 12 views

CVE-2024-6795 Vulnerability in Baxter Connex Health Portal

In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in...

CVSS: 10 | AI score: 8.3 | EPSS: 0.0019
Exploits: 0 | References: 1

Veracode
added 2024/08/19 7:07 a.m. | 8 views

SQL Injection

github.com/stashapp/stash is vulnerable to SQL Injection. The vulnerability is caused by not validating the values provided in the sort parameter when executing the SQL query. This can allow an attacker to retrieve data from the database or change values in the database tables...

CVSS: 6.3 | AI score: 7.2 | EPSS: 0.02638
Exploits: 0 | References: 6 | Affected Software: 1

CNNVD
added 2024/08/18 12:00 a.m. | 1 views

Jieshun JieLink+ JSOTC2016 Access Control Error Vulnerability

Jieshun JieLink+ JSOTC2016 is an intelligent terminal operating platform from China's Jieshun Jieshun Corporation. An access control error vulnerability exists in Jieshun JieLink+ JSOTC2016 20240805 and earlier versions, which stems from the presence of sensitive information disclosure. A malicio...

CVSS: 9.8 | AI score: 4.8 | EPSS: 0.01208
Exploits: 1 | References: 2

CNNVD
added 2024/08/18 12:00 a.m. | 1 views

Jieshun JieLink+ JSOTC2016 Access Control Error Vulnerability

Jieshun JieLink+ JSOTC2016 is an intelligent terminal operating platform from China's Jieshun Jieshun Corporation. An access control error vulnerability exists in Jieshun JieLink+ JSOTC2016 20240805 and earlier versions, which stems from the presence of sensitive information disclosure. A malicio...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.01831
Exploits: 1 | References: 2

CVE
added 2024/08/14 6:30 a.m. | 45 views

CVE-2024-7731

The CVE-2024-7731 issue affects the SECOM Dr.ID Access Control System. Affected product: Dr.ID Access Control System from SECOM. Root cause: improper validation of a specific page parameter leads to SQL injection. Impact: unauthenticated remote attackers can read, modify, and delete database cont...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.01326
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/08/14 12:00 a.m. | 1 views

SECOM Dr.ID Access Control System SQL Injection Vulnerability

SECOM Dr.ID Access Control System is an access control system of China Zhongbao SECOM Corporation. A SQL injection vulnerability exists in SECOM Dr.ID Access Control System versions prior to 3.5.0.0.0.5, which stems from the presence of specific page parameters that are not properly validated,...

CVSS: 9.8 | AI score: 8 | EPSS: 0.01326
Exploits: 0 | References: 3

CNNVD
added 2024/07/30 12:00 a.m. | 2 views

Xibo CMS SQL Injection Vulnerability

Xibo CMS is an open source content management system from Xibo Digital Signage. Xibo CMS suffers from a SQL injection vulnerability that originates from allowing an authenticated user to retrieve and modify arbitrary data from the database by injecting a specially crafted value into the sortBy...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.00197
Exploits: 0 | References: 2

NVD
added 2024/07/29 3:15 a.m. | 14 views

CVE-2024-7201

The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS: 9.8 | EPSS: 0.00789
Exploits: 0 | References: 2

Cvelist
added 2024/05/31 5:38 p.m. | 23 views

CVE-2024-22059

A SQL injection vulnerability in the web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.03992
Exploits: 0 | References: 1

Cvelist
added 2024/05/16 3:13 p.m. | 18 views

CVE-2024-4609 Rockwell Automation Datalog Function within FactoryTalk® View SE contains SQL Injection Vulnerability

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00075
Exploits: 0 | References: 1

NVD
added 2024/05/14 3:25 p.m. | 15 views

CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php, finally resulti...

CVSS: 8.8 | AI score: 7.6 | EPSS: 0.01692
Exploits: 1 | References: 4

AlpineLinux
added 2024/05/13 3:14 p.m. | 22 views

CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php, finally resulti...

CVSS: 8.8 | AI score: 8 | EPSS: 0.01692
Exploits: 1 | References: 4

Debian CVE
added 2024/05/13 3:14 p.m. | 21 views

CVE-2024-31460

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerules.php is not thoroughly checked and is used to concatenate the SQL statement in createallheadernodes function from lib/apiautomation.php, finally resulti...

CVSS: 8.8 | AI score: 9.2 | EPSS: 0.01692
Exploits: 1

Vulnrichment
added 2024/05/03 5:36 p.m. | 19 views

CVE-2023-38724 IBM Cognos Controller SQL injection

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183...

CVSS: 6.3 | AI score: 7.3 | EPSS: 0.00133
Exploits: 0 | References: 2

ICS
added 2024/03/21 6:00 a.m. | 23 views

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY: CVSS v4 7.1. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Advantech. Equipment: WebAccess/SCADA. Vulnerability: SQL Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an...

CVSS: 6.4 | AI score: 6.8 | EPSS: 0.00091
Exploits: 0 | References: 8

OSV
added 2024/02/23 7:15 p.m. | 2 views

CVE-2022-43842

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00034
Exploits: 0 | References: 2

OSV
added 2023/12/15 9:15 a.m. | 0 views

CVE-2023-48384

ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00477
Exploits: 0 | References: 1

Prion
added 2023/12/15 9:15 a.m. | 13 views

SQL injection

ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.00477
Exploits: 0 | References: 1 | Affected Software: 1