CVE-2023-35036

In Progress MOVEit Transfer before 2021.0.7 13.0.7, 2021.1.5 13.1.5, 2022.0.5 14.0.5, 2022.1.6 14.1.6, and 2023.0.2 15.0.2, SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit...

Sql injection

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the 'refresh...

CVE-2023-2454

CVE-2023-2454 concerns PostgreSQL; a flaw in schema_element defeats protective search_path changes could allow an authenticated user with database-level privileges to run arbitrary code. This has been observed in multiple advisories (including Astra Linux and Amazon Linux 2 notes) and is linked t...

Sql injection

The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listingid’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Code injection

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are...

CVE-2023-34097 Database password exposed in logs in hoppscotch

hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are...

CVE-2023-34097

CVE-2023-34097 affects Hoppscotch prior to version 2023.4.5, where the database password is exposed in logs when displaying the database connection string. This log exposure can enable attackers with access to read system logs to escalate privileges and gain full database access. The public-facin...

CVE-2023-34362

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

CVE-2023-2201

The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘postid’ parameter in versions up to, and including, 1.6.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

CVE-2023-34362

MOVEit Transfer CVE-2023-34362 is a SQL injection vulnerability in the MOVEit Transfer web app that allows an unauthenticated attacker to access MOVEit databases. Affected versions include 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), with all ...

Contec CONPROSYS HMI System 安全漏洞

Contec CONPROSYS HMI System is an HTML5 technology-based HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3, which stems from database account details...

PT-2023-21175 · Unknown · Cityboss E-Municipality

Name of the Vulnerable Software and Affected Versions: Cityboss E-municipality versions prior to 6.05 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

Student Study Center Desk Management System SQL Injection Vulnerability

Student Study Center Desk Management System is a student study center desk management system. A SQL injection vulnerability exists in Student Study Center Desk Management System v1.0, which originates from the lack of validation of externally entered SQL statements in adminreportsindex.phpdatefro...

SQL Injection Vulnerability in Online Exam System Version v1.0

Online Exam System is an online exam system. Online Exam System v1.0 suffers from a SQL injection vulnerability that originates from the lack of validation of external input SQL statements in the parameters columns, data of /jurusanmatkul/data. An attacker can exploit this vulnerability to execut...

CVE-2023-2454

A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

CVE-2023-1934

CVE-2023-1934 concerns SDG Technologies SDG PnPSCADA. The vulnerability is an unauthenticated, error-based PostgreSQL injection affecting the hitlogcsv.jsp endpoint, allowing remote attackers to read/modify data in the underlying database. Reported impact includes access to ICS/OT data and other ...

Sql injection

An issue was discovered in Veritas InfoScale Operations Manager VIOM before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers who must have admin credentials to submit arbitrary SQL...

CVE-2023-30839 PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are ...

CVE-2021-23186

CVE-2021-23186 affects Odoo: sandboxing/ACL flaw in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier. Authenticated administrators can read/modify database contents of other tenants in a multi-tenant setup. Consequences align with elevated access to tenant data. Public technic...