3898 matches found
CVE-2020-35567
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances...
CVE-2020-28087
A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information...
CVE-2020-20474
White Shark System WSS 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the defaulttaskedituser.php file failing to filter the csatouser parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information...
CVE-2020-16277
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database...
CVE-2018-1000871
HotelDruid version 2.3.0 and earlier contains a SQL injection vulnerability in the "idutentemod" parameter of the gestioneutenti.php file that can allow an attacker to dump all the database records of the backend webserver. This attack appears to be exploitable via the attack can be done...
CVE-2010-0139
Cisco Unified MeetingPlace 7 before 7.02.3 hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691...
CVE-2012-4069
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db...
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilize...
CVE-2019-25218
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2019-1010248
Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. The impact is: Unauthenticated mysql database access. The component is: Web login form. The attack vector is: An attacker can exploit the vulnerability by sending a malicious HTTP POST request. The fixed version is: 1.12.1...
CVE-2019-19015
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service which is typically exposed to all users allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy without password authentication, an attacker is able to fully...
CVE-2011-1643
Cisco Unified Communications Manager aka CUCM, formerly CallManager 6.x, 7.x before 7.15bsu4, 8.0, and 8.5 before 8.51su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session,...
CVE-2019-12890
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...
CVE-2019-1010104
TechyTalk Quick Chat WordPress Plugin All up to the latest is affected by: SQL Injection. The impact is: Access to the database. The component is: likeescape is used in Quick-chat.php line 399. The attack vector is: Crafted ajax request...
CVE-2019-16264
In Escuela de Gestion Publica Plurinacional EGPP Sistema Integrado de Gestion Academica GESAC v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database...
CVE-2017-12774
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate the website database...
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
CVE-2017-7879
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database...
CVE-2019-20495
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming SEC-531...
CVE-2012-3009
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls...