WordPress Plugin DynamicTags SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists in WordPress plugin DynamicTags version 1.4.0 and earlier versions,...
IBM DB2 SEoL (9.7.x)
According to its version, IBM DB2 is 9.7.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
CVE-2025-22141
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity...
CVE-2025-22141 WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo'
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity...
CVE-2025-22140 WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente'
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...
CVE-2024-12157
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-11437 Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection
The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2022-45186
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database...
CVE-2024-46981 Redis' Lua library commands may lead to remote code execution
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...
GHSA-XWX7-P63R-2RJ8 Navidrome Stores JWT Secret in Plaintext in navidrome.db
Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. The JWT secret is critical for the authentication and authorization system. If...
CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...
CVE-2024-12558
CVE-2024-12558 affects the WordPress plugin WP BASE Booking of Appointments, Services and Events . The vulnerability is a missing capability check in the export_db function across all versions up to and including 4.9.2, enabling an authenticated attacker with Subscriber+ privileges to access sens...
CVE-2024-11714 WP Job Portal <= 2.2.2 - Authenticated (Admin+) SQL Injection via getFieldsForVisibleCombobox()
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied...
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
Impact: In getdocument.vm, the ordering of the returned documents is defined by an unsanitized request parameter, request.sort, which allows any user to inject HQL. Depending on the database backend used, the attacker may be able to not only obtain confidential information such as password hashe...
PHPGurukul Online Nurse Hiring System Security Vulnerability
PHPGurukul Online Nurse Hiring System is an online nurse hiring system from PHPGurukul. A security vulnerability exists in PHPGurukul Online Nurse Hiring System v1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the username...
CVE-2024-11732
CVE-2024-11732 pertains to the WordPress plugin BP Profile Shortcodes Extra (versions up to 2.6.0). The issue is a time-based SQL Injection via the tab parameter caused by insufficient escaping and poor query preparation, enabling authenticated attackers with Contributor-level access or higher to...
CVE-2024-52360
IBM Concert Software versions 1.0.0–1.0.2.1 are vulnerable to SQL injection due to insufficient validation of externally supplied SQL statements, enabling a remote attacker to view, add, modify, or delete data in the back-end database. Affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.2.1. Remediation:...
SQL Injection Vulnerability in UFIDA U8CRM at UFIDA Network Technology Co.
UFIDA U8CRM is a professional business management software. A SQL injection vulnerability exists in UFIDA U8CRM, which can be exploited by attackers to obtain sensitive information from the database...
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979,...