CVE-2021-35946

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions...

CVE-2021-35946

CVE-2021-35946 describes a privilege-escalation flaw in ownCloud Server prior to 10.8: a recipient of a federated share with database access could update permissions and elevate their own privileges. Public details in the provided sources confirm the affected product/version (ownCloud Server befo...

How to Exploit SQL Server Using Registry Keys

At the Imperva Research Labs we have the chance to scrutinize various security situations. In this blog, we will take a closer look at database security on SQL Server. One routine approach that security practitioners employ to protect databases is deploying honeypots and waiting for bad actors to...

How to Exploit SQL Server Using OLE Automation

As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server. One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the...

CVE-2020-20340

A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information...

SQL Injection Vulnerability in Smart Meter Integrated Management System of Xintian Technology Corporation (CNVD-2021-70001)

Xintian Technology Co., Ltd. is a professional manufacturer and supplier of water meters, energy meters and gas meters. A SQL injection vulnerability exists in the Smart Meter Integrated Management System of Xintian Technology Corporation, which can be exploited by attackers to obtain sensitive...

CVE-2020-18913

CVE-2020-18913 affects EARCLINK ESPCMS-P8 with a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. The issue allows attackers to access sensitive database information. Public details cite both CVSS v2 (base score 5.0, MEDIUM) and CVSS v3.1 (base scor...

SQL Injection in slackero/phpwcms

✍️ Description Data enters a program from an untrusted source 🕵️‍♂️ Proof of Concept if$result = mysqliquery$db, 'SELECT FROM '. $phpwcms"dbprepend" ? $phpwcms"dbprepend".'' : ''.'phpwcmsuser' 💥 Impact A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...

CVE-2017-16632

In SapphireIMS 40971, the password in the database is stored in Base64 format...

CVE-2020-28087

A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information...

CVE-2021-37614

In Progress MOVEit Transfer, a SQL injection vulnerability exists in the MOVEit Transfer web application for certain versions prior to 2021.0.3 (13.0.3). An authenticated remote attacker could potentially access the backend database, with the impact depending on the database engine (MySQL, Micros...

PEEL Shopping SQL Injection Vulnerability (CNVD-2021-61762)

PEEL Shopping is a PHP/MySQL architecture of open source e-commerce system. 9.4.0.1 prior version of PEEL Shopping has a SQL injection vulnerability, which can be exploited by attackers to inject malicious SQL queries and obtain sensitive database information...

CVE-2021-37593

CVE-2021-37593 affects PEEL Shopping. Public/unauthenticated users can perform remote SQL injection, potentially reading and modifying database data. The vulnerability is reported against PEEL Shopping version 9.4.0 (and prior versions in some sources). Root cause: insecure handling of SQL querie...

CVE-2021-25201

CVE-2021-25201 corresponds to an SQL injection vulnerability in Learning Management System v1.0 where the id parameter is exploited to execute arbitrary SQL and potentially expose sensitive database information. Multiple connected sources corroborate the issue and its impact; no details on affect...

CVE-2021-2336

The CVE-2021-2336 entry discusses a vulnerability in Oracle Database Server, specifically the Enterprise Edition Data Redaction component, affecting 12.1.0.2, 12.2.0.1, and 19c. The issue allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromis...

CVE-2021-32743

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

SQL Injection Vulnerability in Hubei Dapeng Network Technology Co.

Hubei Dapeng Network Technology Co., Ltd. is a network technology company mainly focusing on website construction, network promotion, 400 telephone, public number development, small program construction, WeChat marketing, software system, network engineering and so on. Hubei Roc Network Technolog...

SQL Injection Vulnerability in Zhejiang Dingcheng Network Co.

Zhejiang Dingcheng Network Co., Ltd. is a company with experience in Internet marketing services, the main products are responsive website construction, marketing website construction, website SEO optimization and other Internet marketing basic services. Zhejiang Dingcheng Network Co., Ltd. websi...

Crab poend blog program has SQL injection vulnerability

Crab poend blog program is a blogging system. Crab poend blog program suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

Sql injection

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164...