1985 matches found
CVE-2022-26986
ImpressCMS
WordPress Wow Countdowns plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Wow Countdowns plugin version 3.1.2 later has a SQL injection vulnerability, which stems from the plugin using the user The...
Bitbucket displays sensitive DB details in error message in browser
Issue Summary: On application startup, if the database is down, the Bitbucket application displays the sensitive database hostname and port details in the error message in the browser. Error message: The database, as currently configured, is not accessible. Connection to : refused. Check tha...
CVE-2021-45491
CVE-2021-45491 affects 3CX System up to 2022-03-17, where passwords are stored in cleartext in the database and are exportable via the management interface. The vulnerability stems from storing credentials in an unencrypted form, enabling potential disclosure of user passwords. The public documen...
CMSWing SQL Injection Vulnerability (CNVD-2022-84039)
CMSWing is an e-commerce platform and CMS builder based on ThinkJS and MySQL. A SQL injection vulnerability exists in CMSWing version 1.3.7, which stems from the lack of filtering escapes for SQL data in the behavior rules of the parameters. An attacker could use this vulnerability to execute...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27438)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27437)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A SQL injection...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27558)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27440)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A SQL injection...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27436)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Design/Logic Flaw
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended...
CVE-2022-0842
CVE-2022-0842 affects McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13. The vulnerability is a blind SQL injection in ePO, which could let a remote authenticated attacker obtain information from the ePO database. The amount of data potentially exposed depends on the attacker’s...
WordPress FV Flowplayer Video Player plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress FV Flowplayer Video Player plugin version 7.5.15.727 and earlier versions are vulnerable to SQL injection. The vulnerability...
SQL Injection
sylius/grid-bundle is vulnerable to SQL Injection attacks. The library directly passes the values added at the end of query sorting to the database, allowing a malicious user to inject and execute arbitrary SQL queries on the system...
WordPress CommonsBooking plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. SQL injection vulnerability exists in versions of the WordPress CommonsBooking plugin prior to 2.6.8, which stems from the CommonsBooking plug...
WordPress WP Email Users plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Email Users plugin version 1.7.6 and previous versions have a SQL injection vulnerability, which originates from WP Email...
College Website Management System 1.0 SQL Injection
Exploit Title: College Website Management System 1.0 - SQL Injection Date: 12/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15203/college-website-content-management-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title: ================ Colleg...
Luocms SQL Injection Vulnerability (CNVD-2022-20131)
Luocms is an article management system. A SQL injection vulnerability exists in Luocms v2.0, which stems from a lack of validation of external input SQL statements in /admin/news/sortmod.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...
WordPress The WP Visitor Statistics Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress The WP Visitor Statistics Plugin versions prior to 5.6, whic...