3898 matches found
CVE-2025-22957
A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitive information...
ZZCMS Security Vulnerability
ZZCMS is a content management system (CMS) from the ZZCMS team in China. A security vulnerability exists in ZZCMS version 2023 and earlier versions. The vulnerability stems from the front-end website not being effectively protected against SQL injection, which allows attackers to gain unauthorized...
CVE-2025-24500
The CVE-2025-24500 entry concerns Broadcom Symantec Privileged Access Management (PAM). Multiple connected sources confirm an unauthenticated attacker can access information in the PAM database. No concrete affected versions or root-cause details are provided in the documents; some sources (PT-20...
CVE-2024-12269 Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdb function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the...
Broadcom Symantec Privileged Access Management Security Vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is a security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
PT-2025-5372 · Pam · Pam
Name of the Vulnerable Software and Affected Versions: PAM affected versions not specified Description: The issue allows an unauthenticated attacker to access information in the PAM database. Recommendations: At the moment, there is no information about a newer version that contains a fix for thi...
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments, such as VMware Avi Load Balancer, stems from insufficient measures taken to protect the SQL query structure. This allows attackers to gain access to the internal database.
The vulnerability of the software for managing traffic in hybrid and multi-cloud environments of VMware Avi Load Balancer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain access to the internal database...
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicio...
CVE-2025-22217
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain...
CVE-2025-22217
CVE-2025-22217 affects VMware Avi Load Balancer and is an unauthenticated blind SQL injection. A remote attacker with network access can craft queries to potentially gain database access. Public sources identify affected product families and versions, with patches available to remediate in VMware...
CVE-2023-50316
IBM Sterling B2B Integrator (Standard Edition) versions 6.0.0.0–6.1.2.5 and 6.2.0.0–6.2.0.1 are vulnerable to SQL injection due to improper validation of externally entered SQL statements. A remote attacker could craft statements to view, add, modify, or delete data in the back-end database. Reme...
CVE-2023-50316 IBM Sterling B2B Integrator information disclosure
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
PT-2025-1305 · Avi · Avi Load Balancer
Name of the Vulnerable Software and Affected Versions: Avi Load Balancer versions 30.1.1 through 30.2.2 Description: The Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability. A malicious user with network access may be able to use specially crafted SQL queries to gain...
VMware Avi Load Balancer Security Vulnerability
VMware Avi Load Balancer is a load balancing platform from VMware. A security vulnerability exists in VMware Avi Load Balancer. An attacker could exploit the vulnerability to gain database access using specially crafted SQL queries...
MTN Group: SQLi | in URL paths
The vulnerability summary is as follows: A SQL injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a quote in the customerId parameter, which resulted in an error indicating that the application was vulnerable to SQL...
CVE-2024-35148
Summary of CVE-2024-35148: IBM Maximo Application Suite – Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected Monitor Component versions include 8.10.10, 8.11.7, an...
IBM Maximo Application Suite SQL Injection Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An SQL injection vulnerability exists in IBM Maximo Application Suite. The vulnerability stems from the...
CVE-2023-37777
A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint parameter allowing an attacker to manipulate SQL queries via crafted input. Successful exploitation coul...