3898 matches found
CVE-2022-45529
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the postcategoryid parameter at \admin\includes\editpost.php. This vulnerability allows attackers to access database information...
CVE-2022-45535
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information...
CVE-2022-45536
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\postcomments.php. This vulnerability allows attackers to access database information...
CVE-2022-45329
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information...
CVE-2022-45330
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information...
CVE-2022-25205
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance...
CVE-2025-48735
A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2220219 before 21.45.8.2.3230220 allows remote attackers to obtain sensitive information from the database via crafted input in the request body...
SQL Injection Vulnerability in UFIDA U8+CRM at UFIDA Network Technology Co.
UFIDA U8+CRM is a management software designed specifically for the agency sales and service industry that integrates CRM, call center, and OA core applications and provides integrated applications for front-end marketing, back-end business processing, and employee management. A SQL injection...
PT-2025-22787 · Unknown · Majestic Support
Name of the Vulnerable Software and Affected Versions: Majestic Support versions n/a through 1.1.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks against Majestic...
The vulnerability of the B&R APROL software solution for monitoring the status of industrial systems lies in its improper handling of insufficient permissions or privileges. This allows an intruder to gain unauthorized access to the database.
The vulnerability of the B&R APROL software solution for monitoring the status of industrial systems is related to improper handling of insufficient permissions or privileges. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the database...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-35198
Contract Management System v2.0 contains a weak default password which allows attackers to access database connection information...
CVE-2022-39275
Saleor is a headless, GraphQL commerce platform. In affected versions some GraphQL mutations were not properly checking the ID type input, which allowed access to database objects that the authenticated user may not be allowed to access. This vulnerability can be used to expose the following...
CVE-2022-44645
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2021-25037
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database e.g., usernames and hashed...
CVE-2021-36177
An improper access control vulnerability (CWE-284) in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database...
CVE-2021-24200
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtableid=1, on the 'length' HTTP POST parameter. This...
CVE-2021-26935
In WoWonder 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the eventid parameter...
CVE-2021-37599
The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnerable to SQL injection that allows a remote, unauthenticated attacker to read the database and execute code in some situations via the txtPassword parameter...
CVE-2021-33894
In Progress MOVEit Transfer before 2019.0.6 11.0.6, 2019.1.x before 2019.1.5 11.1.5, 2019.2.x before 2019.2.2 11.2.2, 2020.x before 2020.0.5 12.0.5, 2020.1.x before 2020.1.4 12.1.4, and 2021.x before 2021.0.1 13.0.1, a SQL injection vulnerability exists in SILUtility.vb in MOVEit.DMZ.WebApp in th...