Canteen Management System SQL Injection Vulnerability (CNVD-2023-08051)
Canteen Management System is a canteen management system. Version 1.0 of Canteen Management System is vulnerable to SQL injection because the id parameter does not validate externally supplied input before it is used in SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to...
CVE-2023-22324
SQL injection vulnerability in the CONPROSYS HMI System CHS Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained...
Sql injection
SQL injection vulnerability in the CONPROSYS HMI System CHS Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained...
CVE-2023-22332
CVE-2023-22332 is an information-disclosure vulnerability in Pgpool-II affecting multiple series (4.4.0–4.4.1, 4.3.0–4.3.4, 4.2.0–4.2.11, 4.1.0–4.1.14, 4.0.0–4.0.21, and all versions of 3.x). The weakness allows a database user to obtain another user’s authentication information, potentially enab...
CVE-2023-22324
CVE-2023-22324 affects CONPROSYS HMI System (CHS) versions 3.5.0 and earlier. The vulnerability is an SQL injection in CHS that allows a remote authenticated attacker to execute arbitrary SQL commands, potentially exposing information stored in the database. The available connected sources descri...
pgAdmin 4 vulnerable to directory traversal
Overview: PostgreSQL management tool pgAdmin 4 contains a directory traversal vulnerability (CWE-22). Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Impact: A user ...
CVE-2022-45444
Sewio RTLS Studio
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Online Food Ordering System SQL Injection Vulnerability (CNVD-2023-06521)
Online Food Ordering System is an online food ordering system. It suffers from a SQL injection vulnerability caused by the lack of validation of externally supplied input in the Username parameter of the login page (action=login), which...
CVE-2022-42284
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure...
CVE-2022-46163
CVE-2022-46163 affects the Travel Support Program (openSUSE) – a Rails app that uses the Ransack search library. The default Ransack configuration can be abused via *_start, *_end, or *_cont matchers to perform character‑by‑character brute‑force and exfiltrate sensitive data (e.g., bank account n...
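The search-matcher leak described in the CVE-2022-46163 entry is easy to underestimate because the attacker never sees the sensitive column; each probe only answers "is there a record whose value begins with this prefix?". The simulation below, an added example that is not code from the Travel Support Program, Ransack or the advisory, models a Ransack-style `<attribute>_<predicate>` filter over constructed records, drives it as a prefix oracle to recover a record's account number one character at a time, and contrasts it with a search that rejects any attribute outside an allow-list (the same effect as declaring `ransackable_attributes` on a Ransack model). The record fields, `SEARCHABLE`, `search` and `exfiltrate` are hypothetical names for the illustration.

```python
import string

# Constructed sample records standing in for a travel-request table; the
# field names are assumptions, not the real Travel Support Program schema.
RECORDS = [
    {"id": 1, "requester": "alice", "bank_account_number": "DE44500105175407324931"},
    {"id": 2, "requester": "bob", "bank_account_number": "GB29NWBK60161331926819"},
]

# Hypothetical allow-list of searchable attributes, playing the role of a
# Ransack `ransackable_attributes` declaration.
SEARCHABLE = {"requester"}

# Ransack-style predicate matchers: "<attribute>_<predicate>" => value
PREDICATES = {
    "eq": lambda field, value: field == value,
    "start": lambda field, value: field.startswith(value),
    "end": lambda field, value: field.endswith(value),
    "cont": lambda field, value: value in field,
}


def search(records, params, allow_list=None):
    """Filter records with Ransack-style params such as {"requester_start": "al"}.

    With allow_list=None every column is matchable (the default-configuration
    weakness); with an allow_list any other attribute is refused.
    """
    matches = list(records)
    for key, value in params.items():
        attr, _, pred = key.rpartition("_")
        if pred not in PREDICATES:
            raise ValueError(f"unsupported predicate in {key!r}")
        if allow_list is not None and attr not in allow_list:
            raise ValueError(f"attribute {attr!r} is not searchable")
        matches = [r for r in matches if PREDICATES[pred](str(r.get(attr, "")), value)]
    return matches


def exfiltrate(oracle, record_id, attr, alphabet, max_len=64):
    """Recover record_id's `attr` one character at a time.

    `oracle(params)` is the search endpoint. The attacker only learns which
    request ids appear in the result listing, never the column itself, yet
    every *_start probe answers "does the secret begin with this prefix?".
    """
    known = ""
    while len(known) < max_len:
        for ch in alphabet:
            hits = oracle({f"{attr}_start": known + ch})
            if any(r["id"] == record_id for r in hits):
                known += ch
                break
        else:
            return known  # no character extends the prefix: value fully recovered
    return known


def demo():
    alphabet = string.digits + string.ascii_uppercase
    leaked = exfiltrate(lambda p: search(RECORDS, p), 1, "bank_account_number", alphabet)
    # The same probe against the allow-listed search is refused outright.
    try:
        search(RECORDS, {"bank_account_number_start": "D"}, allow_list=SEARCHABLE)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    return leaked, hardened_rejected


if __name__ == "__main__":
    print(demo())
```

The number of requests is bounded by alphabet size times secret length (a few hundred here), which is why a results page that merely lists matching requests is enough to leak the value; rate limiting does not fix the root cause, restricting the searchable attributes does.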
IBM Sterling B2B Integrator SQL Injection Vulnerability (CNVD-2023-05240)
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator...
SQL Injection Vulnerability in Human Resource Information Management System of Beijing Hongjing Century Software Co. Ltd (CNVD-2023-08743)
Beijing Hongjing Century Software Co., Ltd. is a professional e-HR vendor in China. A SQL injection vulnerability exists in the human resources information management system of Beijing Hongjing Century Software Company Limited, which can be exploited by attackers to obtain sensitive information...
Information Disclosure Through EXPLAIN Feature
A malicious PgHero user can use the EXPLAIN functionality to extract data from the database. With certain inputs, a user can get the results of a query to appear in an error message. If the PgHero database user has superuser privileges (not recommended), the user can use file access functions to re...
CVE-2022-39041
CVE-2022-39041 affects aEnrich a+HRD. The vulnerability is SQL injection caused by insufficient input validation on a specific API parameter, exploitable by an unauthenticated remote attacker to access, modify, and delete data in the database. The CVSS 3.1 base metrics show high impact with Confi...
Oracle Unified Audit Policy Bypass
Title: CVE-2021-35576 – Oracle database system Unified Audit Policy ByPass Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-10-17 Public Disclosur...
Sql injection
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code...
CVE-2022-46763
The CVE-2022-46763 issue affects TrueConf Server 5.2.0.10225, where a SQL injection in a database stored function allows a low-privileged database user to execute arbitrary SQL as the database administrator, potentially enabling arbitrary code execution. The root cause is a vulnerability in the d...
CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery and Contest Gallery Pro WordPress plugins before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...
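Several entries above share one root cause: a request parameter (the Canteen Management System `id`, the Online Food Ordering System `Username`, the Contest Gallery `cgmultiplefilesforpost`) is concatenated into an SQL string without validation or escaping. The block below is an added example, not code from any of those products or their advisories; it reproduces the login-bypass variant against a constructed in-memory SQLite table and shows the parameterized form that closes it. The table layout, the users and the `login_vulnerable` / `login_fixed` names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the application's user table (constructed data).
    Passwords are stored in clear text only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "correct horse"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, the pattern the entries describe."""
    sql = (
        "SELECT id, username FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Same lookup with bound parameters: input can never alter the SQL structure."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    conn = make_db()
    # The attacker's username closes the quoted literal and comments out the
    # password check; "-- " opens a comment in SQLite, MySQL and PostgreSQL.
    payload = "admin' -- "
    return {
        "honest_vulnerable": login_vulnerable(conn, "alice", "hunter2"),
        "honest_fixed": login_fixed(conn, "alice", "hunter2"),
        "attack_vulnerable": login_vulnerable(conn, payload, "anything"),
        "attack_fixed": login_fixed(conn, payload, "anything"),
    }


if __name__ == "__main__":
    for case, row in demo().items():
        print(f"{case}: {row}")
```

With the payload the concatenated query becomes `... WHERE username = 'admin' -- ' AND password = 'anything'`, so the vulnerable path authenticates as admin while the parameterized path looks for a literal username containing the quote and comment and finds nothing. Escaping would also block this payload, but binding parameters removes the whole class rather than one delimiter.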