1985 matches found
CSCMS Music Portal System SQL Injection Vulnerability (CNVD-2022-45894)
CSCMS Music Portal System is a diversified content management system from China Sunshine Network Technology CSCMS, Inc. A SQL injection vulnerability exists in CSCMS Music Portal System, which originates from the missing validation of the id parameter in /admin.php/Label/jsdel for external input...
CVE-2022-30496
CVE-2022-30496 describes an SQL injection on the login page of MV Informática IDCE MV (version 1.0). The flaw arises in the user field, enabling an attacker to inject SQL payloads and connect to the underlying database to access enterprise‑level private and sensitive information. The provided con...
CVE-2022-28862
Affected product: Archibus Web Central. Vulnerability: SQL Injection in dwr/call/plaincall/workflow.runWorkflowRule.dwr prior to 26.2, allowing arbitrary SQL to modify query syntax and perform unauthorized operations against the remote database. Root cause: lack of validation of externally ent...
GHSA-6C88-GVXW-F5HG Liferay Portal and Liferay DXP Stores User Passwords in Cleartext
In the Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, users' clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the...
phpMyAdmin PHP code injection
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
CVE-2022-22413
Summary: CVE-2022-22413 affects IBM Robotic Process Automation versions 21.0.0, 21.0.1, and 21.0.2 and is described as a SQL injection vulnerability that could allow a remote attacker to view, add, modify, or delete data in the back-end database. The IBM Security Bulletin and related sources conf...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36022)
Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...
Exploit for SQL Injection in Redplanetcomputers Laundry_Management_System
Red-Planet-Laundry-Management-System-1.0-is-vulnerable-to-SQL...
Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution
MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexib...
Car Driving School Management System SQL Injection Vulnerability (CNVD-2022-65321)
Car Driving School Management System is a driving school management system. A SQL injection vulnerability exists in Car Driving School Management System, which originates from /cdsms/classes/Master.php?f=delete. The vulnerability is caused by the lack of filtering and escaping of SQL data in the id...
Purchase Order Management System SQL Injection Vulnerability (CNVD-2022-44236)
Purchase Order Management System is a purchase order management system. Purchase Order Management System v1.0 is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Attendance and Payroll System SQL Injection Vulnerability (CNVD-2022-33137)
Attendance and Payroll System is a PHP/MySQLi source code attendance and payroll system from oretnom23 individual developers. Version 1.0 of Attendance and Payroll System is vulnerable to SQL injection. The vulnerability originates from the component adminschedule employeeedit.php, which lacks validation of external input...
SQL injection
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of...
Attendance and Payroll System SQL Injection Vulnerability
Attendance and Payroll System is a PHP/MySQLi source code attendance and payroll system from oretnom23 individual developers. Version 1.0 of Attendance and Payroll System is vulnerable to SQL injection. The vulnerability originates from the component adminschedule employeeedit.php, which lacks validation of external input...
CSZ CMS SQL Injection Vulnerability (CNVD-2022-30777)
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in cszcmsadminUsersviewUsers and can be exploited by attackers to execute illegal SQL...
Atom.CMS SQL Injection Vulnerability (CNVD-2022-30776)
Atom.CMS is a content management system from The Digital Craft individual developers in the U.S. A SQL injection vulnerability exists in Atom.CMS version 2.0, which stems from a lack of validation of external input SQL statements in Atom.CMSadminuploads.php, which could be exploited to execute illegal...
Vulnerability of the Server: Optimizer component of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server: Optimizer component of the MySQL database management system is related to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...
KevinLAB Building Energy Management System SQL Injection Vulnerability
KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea. SQL injection vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0, which originates from a missing validation of external input SQL statements in the inputi...
openSIS SQL Injection Vulnerability (CNVD-2022-85100)
Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education. openSIS version 8.0 has a SQL injection vulnerability that originates from the parameter studentid in /modules/eligibility/Student.php that can be used for SQL injection...
CVE-2022-23972
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete database...