New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing its way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gaine...
UBUNTU-CVE-2024-7348
Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...
CVE-2024-7548
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2023-5000
CVE-2023-5000 pertains to the WordPress plugin Horizontal scrolling announcements where an SQL Injection exists via the shortcode hsas-shortcode in versions up to 2.4. The issue arises from insufficient escaping of user input and inadequate preparation of the SQL query, enabling authenticated att...
GHSA-9F24-JRV4-F8G5 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVE-2024-7202 Simopro Technology WinMatrix3 Web package - SQL Injection
The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...
CVE-2024-40689
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker can send crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected product: InfoSphere Information Server (11.7). Root cause: SQL injection vulnerability; exploitation det...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2024-36940)
U8 Cloud is a digital platform for moving enterprises to the cloud, integrating transactions, services and management into a complete ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
UFIDA U8CRM suffers from SQL Injection Vulnerability (CNVD-2024-36541)
U8CRM is a professional enterprise-level CRM software. A SQL injection vulnerability exists in UFIDA U8CRM, which can be exploited by attackers to obtain sensitive information from the database...
Simple Inventory Management System SQL Injection Vulnerability
Simple Inventory Management System is a simple inventory management system. A SQL injection vulnerability exists in Simple Inventory Management System version 1.0 because the orderid parameter is not validated against externally supplied SQL statements. An attacker can exploit this...
Document Management System SQL Injection Vulnerability
Document Management System is a document management system. A SQL injection vulnerability exists in Document Management System version 1.0 because the anothercont parameter is not validated against externally supplied SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...
CVE-2024-21184
Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged attacker having Execute on SYS.XSDIAG privilege with network access via Oracle Net to compromise...
CVE-2024-6743
AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
SQL Injection in the KubeClarity REST API
Summary: A time/boolean-based SQL injection is present in the resource /api/applicationResources via the parameter packageID. Details: As can be seen here, while building the SQL query the fmt.Sprintf function is used to build the query string without the input having first been...
CVE-2024-6666
WP ERP for WordPress is vulnerable to SQL Injection via vendor_id in versions up to 1.13.0. The flaw stems from insufficient escaping and query preparation, enabling authenticated attackers with Accounting Manager+ permissions (erp_ac_view_sales_summary) to inject additional SQL into existing que...
Unsecured Database Exposed 39 Million Sensitive Legal Records Online
Millions of legal documents were exposed online. The sensitive data leak raises security concerns for the legal industry...
CVE-2024-3604
CVE-2024-3604 affects the OSM – OpenStreetMap WordPress plugin. The Red Hat advisory confirms an authenticated SQL Injection via the 'tagged_filter' parameter of the 'osm_map_v3' shortcode, affecting all versions up to 6.0.2. The vulnerability arises from insufficient escaping of user input and l...
Microsoft SQL Server Security Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft Corporation (USA) that runs on Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could remotely execute code. The following products and editions are...
SQL Injection
magento/community-edition is vulnerable to SQL Injection. The vulnerability is due to improper user input sanitization in email templates, allowing an authenticated user with access to these templates to send malicious SQL queries and gain access to sensitive database information...