148 matches found
CVE-2025-41371
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in...
CVE-2025-41372
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in...
CVE-2025-40682
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint...
CVE-2025-40655
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp...
CVE-2025-40656
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp...
CVE-2025-40655
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp...
PT-2025-24188 · Unknown · Libro De Reclamaciones Y Quejas
Name of the Vulnerable Software and Affected Versions: Libro de Reclamaciones y Quejas versions 0.9 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2024-30157
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to...
CVE-2024-35286
A vulnerability in NuPoint Messenger NPM of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary...
CVE-2024-30158
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute...
CVE-2022-46901
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...
PT-2025-21685 · Lambertgroup · Lambertgroup Apollo
Name of the Vulnerable Software and Affected Versions: LambertGroup Apollo versions through 3.6.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. To mitigate the...
[SECURITY] Fedora 40 Update: php-adodb-5.22.9-1.fc40
ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
[SECURITY] Fedora 42 Update: php-adodb-5.22.9-1.fc42
ADOdb is an object oriented library written in PHP that abstracts database operations for portability. It is modelled on Microsoft's ADO, but has many improvements that make it unique eg. pivot tables, Active Record support, generating HTML for paging recordsets with next and previous links, cach...
Citrix Virtual Apps and Desktops: Issues with Monitor Service after upgrade to 2402 CU2
Environment has been upgraded to 2402 CU2 version. When admin invokes a cmdlet: Get-MonitorConfiguration, the error is displayed: A database operation failed and could not be recovered : Reason ? Not all Delivery Controllers are affected and cmdlet returns actual configuration on some of the...
PT-2025-17122 · Unknown · Kiotviet Sync
Name of the Vulnerable Software and Affected Versions: KiotViet Sync versions 1.8.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: Fo...
PT-2025-14982 · Unknown · Falling Things
Name of the Vulnerable Software and Affected Versions: Falling things versions n/a through 1.08 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: Fo...
PT-2025-5971 · Apache · Apache Kvrocks
Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions 1.0 through 2.11.0 Description: A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks did not detect if Host: or POST appears in RESP requests, a valid HTTP request can also be sent to...
Mitel MiCollab SQL Injection Vulnerability (CNVD-2024-42937)
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. Mitel MiCollab suffers from an SQL injection vulnerability that can be exploited by attackers to access sensitive information and perform...
Mitel MiCollab SQL Injection Vulnerability (CNVD-2024-42934)
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A SQL injection vulnerability exists in Mitel MiCollab version 9.7.1.110 and earlier, which stems from insufficient validation of user input in...