F5 BIG-IP SQL Injection Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An OData injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited to send crafted SQL statemen...
Delta Electronics DIAEnergie GetDIACloudList SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics, Taiwan, China. Delta Electronics DIAEnergie GetDIACloudList suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end...
SQL Injection Vulnerability in Crypto M6 Integration Management Platform System of Xiamen Crypto Information Technology Company Limited (CNVD-2024-27112)
Ltd. is an innovative high-tech enterprise dedicated to the research and development of information integration management system. Xiamen Crypto Information Technology Co., Ltd. Crypto M6 Integration Management Platform system suffers from a SQL injection vulnerability, which can be exploited by ...
CVE-2021-20451
IBM Cognos Controller (versions 10.4.1, 10.4.2, and 11.0.0) is affected by a SQL injection vulnerability. The root cause is unspecified in the extract, but the issue allows a remote attacker to view, add, modify, or delete data in the back-end database. Remediation provided in the sources require...
PT-2024-3240 · Cyberpower · Cyberpower Powerpanel
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel affected versions not specified Description: The issue is related to hard-coded credentials used by the CyberPower PowerPanel platform for authentication to the database, other services, and the cloud. This could allow a...
HubBank SQL Injection Vulnerability
HubBank is an application from HubBank, Inc. HubBank version 1.0.2 suffers from a SQL injection vulnerability that originates from allowing an attacker to send specially crafted SQL queries to the database from different endpoints and retrieve information stored in the database...
PT-2024-30279 · Hubbank · Hubbank
Name of the Vulnerable Software and Affected Versions: HubBank version 1.0.2 Description: The issue is related to a SQL injection vulnerability that could allow an attacker to send a specially crafted SQL query to the database through different endpoints, such as "/admin/view users.php?id=1",...
CVE-2024-3342
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
SQL Injection
librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate validation of the order parameter sourced from the $request in the file apifunctions.inc.php where the parameter value is directly incorporated into an SQL statement and concatenated. This allows attackers to...
CVE-2024-31077
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition...
WordPress plugin Forminator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
DerbyNet print/render/award.inc Script SQL Injection Vulnerability
DerbyNet is a simple code for a match broadcasting program. A SQL injection vulnerability exists in the DerbyNet print/render/award.inc script, which can be exploited by an attacker to view, add, modify, or delete information in the back-end database...
PT-2024-24434 · Unknown · Podlove Podcast Publisher
Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher versions through 4.0.12 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for potential exploitation ...
PT-2024-24427 · Unknown · Cbx Bookmark & Favorite
Name of the Vulnerable Software and Affected Versions: CBX Bookmark & Favorite versions 1.7.20 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...
CVE-2024-30381
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test Agent Appliance the ability to access sensitive information about downstream devices. The...
CVE-2024-3704
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...
PT-2024-3155 · WordPress · Forminator
Name of the Vulnerable Software and Affected Versions: Forminator versions prior to 1.29.3 Description: The issue is related to a SQL injection vulnerability due to a lack of protection measures for the SQL query structure. This vulnerability can be exploited by a remote attacker to modify...
CVE-2024-3025
The CVE-2024-3025 entry affects mintplex-labs/anything-llm, where the logo filename handling allows path traversal due to insufficient input validation. Attackers can reference files outside the restricted directory via the logo upload endpoint, exposing the application’s database and potentially...
PT-2024-3593 · Quay · Quay
Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw in Quay's mirror-registry allows a malicious actor with access to the config.yaml file to gain unauthorized access to Quay's database. The issue is related to the storage of critical...