1985 matches found
Beijing NetDynamic Network Technology Co., Ltd. NetDynamic unified communication platform suffers from SQL injection vulnerability
NetDrive Unified Communications Platform is a comprehensive communications platform designed to enhance users' communication efficiency and convenience and provide a unified communications environment. A SQL injection vulnerability exists in the NetDrive Unified Communications Platform of Beijing...
CVE-2025-3708
Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-4204 Ultimate Auction Pro <= 1.5.2 - Unauthenticated SQL Injection via 'auction_id'
The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the 'auction_id' parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
CVE-2024-13322
CVE-2024-13322 describes an unauthenticated SQL injection in the WordPress Ads Pro Plugin (Multi-Purpose Advertising Manager) up to version 4.88. The root cause is insufficient escaping of the a_id parameter and lack of proper preparation in the existing SQL query, allowing attackers to append ad...
PT-2025-18746 · Sunnet · Ehdr Ctms
Name of the Vulnerable Software and Affected Versions: eHDR CTMS from Sunnet (affected versions not specified). Description: The issue allows remote attackers with regular privileges to inject arbitrary SQL commands to read database contents. This is a SQL Injection vulnerability. Recommendations: A...
PT-2025-18751 · WordPress · Advance Seat Reservation Management
Name of the Vulnerable Software and Affected Versions: Advance Seat Reservation Management for WooCommerce plugin for WordPress, versions up to, and including, 3.3. Description: The issue allows for SQL Injection via the profileId parameter due to insufficient escaping on the user-supplied paramete...
ZTE GoldenDB SQL Injection Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a SQL injection vulnerability that originates...
ZTE GoldenDB DDE Injection Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a DDE injection vulnerability, which can be...
CVE-2025-46576
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content...
CVE-2024-12706 SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...
CVE-2025-32969
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...
CVE-2025-32968
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...
CVE-2025-32969 org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend,...
CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...
PT-2025-17644 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 1.8 through 15.10.15; XWiki versions 16.4.0 through 16.4.5; XWiki versions 16.10.0 through 16.10.0. Description: XWiki is a generic wiki platform. In the affected versions, it is possible for a remote unauthenticated user to escap...
The vulnerability of the software for managing and monitoring remote devices in telemetry and telemechanics systems, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2025-43949
MuM aka Mensch und Maschine MapEdit aka mapedit-web 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server...
Siemens TeleControl Server Basic SQL Injection Vulnerability
TeleControl Server Basic is a server software for remote monitoring and control, widely used in industrial automation. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from the internal use of the LockProjectCrossCommunications method that fails to properly...