
3898 matches found

Prion
added 2023/11/07 8:15 a.m. · 23 views

Sql injection

Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

CVSS 7.5 · AI score 8.1 · EPSS 0.01247
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2023/11/07 12:00 a.m. · 27 views

CVE-2023-42283

Blind SQL injection in apiid parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

AI score 9.9 · EPSS 0.01257
Exploits: 2 · References: 1
Vulnrichment
added 2023/11/07 12:00 a.m. · 13 views

CVE-2023-42283

Blind SQL injection in apiid parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

AI score 7.8 · EPSS 0.01257
Exploits: 2 · References: 1
Cvelist
added 2023/11/07 12:00 a.m. · 19 views

CVE-2023-42284

Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

AI score 9.9 · EPSS 0.01247
Exploits: 2 · References: 1
CNNVD
added 2023/11/07 12:00 a.m. · 5 views

Tyk Gateway Security Vulnerability

Tyk Gateway is a cloud-based, open-source API gateway from Tyk Technologies. A security vulnerability exists in Tyk Gateway version 5.0.3. An attacker exploited the vulnerability to access and dump a database via a specially crafted SQL query...

CVSS 9.8 · AI score 7.3 · EPSS 0.01247
Exploits: 2 · References: 2
Positive Technologies
added 2023/11/07 12:00 a.m. · 5 views

PT-2023-7225 · Tyk · Tyk Gateway

Name of the Vulnerable Software and Affected Versions: Tyk Gateway version 5.0.3. Description: The issue concerns a blind SQL injection in the api id parameter, allowing an attacker to access and dump the database via a crafted SQL query. This is related to the lack of protection measures for the...

CVSS 10 · AI score 9.7 · EPSS 0.01257
Exploits: 2 · References: 5
Vulnrichment
added 2023/11/07 12:00 a.m. · 17 views

CVE-2023-42284

Blind SQL injection in apiversion parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query...

AI score 7.8 · EPSS 0.01247
Exploits: 2 · References: 1
GithubExploit
added 2023/11/04 11:45 a.m. · 1141 views

Exploit for SQL Injection in Moodle

CVE-2021-36396 Exploit Description This repository holds a...

CVSS 9.8 · AI score 9.3 · EPSS 0.52299
Exploits: 6
Positive Technologies
added 2023/11/03 12:00 a.m. · 6 views

PT-2023-8554 · Unknown · Neshan Maps

Name of the Vulnerable Software and Affected Versions: Neshan Maps versions 1.1.4 and earlier. Description: The issue is related to the improper neutralization of special elements used in an SQL command, which allows for SQL injection attacks. This can be exploited by a remote attacker to conduct...

CVSS 10 · AI score 9.8 · EPSS 0.00547
Exploits: 0 · References: 8
Vulnrichment
added 2023/11/02 1:01 p.m. · 4 views

CVE-2023-29047

Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible...

CVSS 5.3 · AI score 7.7 · EPSS 0.00302
Exploits: 0 · References: 2
Positive Technologies
added 2023/11/02 12:00 a.m. · 4 views

PT-2023-20647 · Unknown · Imageconverter Service

Name of the Vulnerable Software and Affected Versions: imageconverter service, affected versions not specified. Description: The issue allows requests to fetch image metadata to be abused, including SQL queries that would be executed unchecked. This requires at least access to adjacent networks of...

CVSS 8.8 · AI score 8.7 · EPSS 0.00371
Exploits: 0 · References: 6
OSV
added 2023/10/31 9:15 a.m. · 3 views

CVE-2023-5436

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5 · AI score 5.8 · EPSS 0.00797
Exploits: 1 · References: 3
Vulnrichment
added 2023/10/31 8:32 a.m. · 9 views

CVE-2023-5436 Vertical marquee plugin <= 7.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 8.8 · AI score 6.9 · EPSS 0.00797
Exploits: 1 · References: 3
Vulnrichment
added 2023/10/31 8:32 a.m. · 6 views

CVE-2023-5438 wp image slideshow <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 8.8 · AI score 6.9 · EPSS 0.0079
Exploits: 1 · References: 3
OSV
added 2023/10/25 6:17 p.m. · 2 views

CVE-2023-43507

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in...

CVSS 8.8 · AI score 5.8 · EPSS 0.00796
Exploits: 0 · References: 1
Vulnrichment
added 2023/10/19 6:22 p.m. · 16 views

CVE-2023-45825 Token in custom credentials object can leak through logs in ydb-go-sdk

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...

CVSS 5.5 · AI score 6.1 · EPSS 0.00219
Exploits: 0 · References: 4
Vulnrichment
added 2023/10/19 1:53 a.m. · 9 views

CVE-2023-5336 iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode

The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 8.8 · AI score 6.9 · EPSS 0.00618
Exploits: 0 · References: 3
BDU FSTEC
added 2023/10/19 12:00 a.m. · 4 views

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the lack of protection for operational data. This allows a hacker to gain access to the database by reading and writing data in the snmpmon.ini file.

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the database by reading and writing data ...

CVSS 10 · AI score 7.8 · EPSS 0.16652
Exploits: 1 · References: 3 · Affected Software: 1
Packet Storm
added 2023/10/11 12:00 a.m. · 276 views

Smart School 6.4.1 SQL Injection

Exploit Title: Smart School 6.4.1 - SQL Injection; Exploit Author: CraCkEr; Date: 28/09/2023; Vendor: QDocs - qdocs.net; Vendor Homepage: https://smart-school.in/; Software Link: https://demo.smart-school.in/; Tested on: Windows 10 Pro; Impact: Database Access; CVE: CVE-2023-5495; CWE: CWE-89 - CWE-74 -...

AI score 7.1 · EPSS 0.0106
Exploits: 4
Exploit DB
added 2023/10/09 12:00 a.m. · 432 views

Clcknshop 1.0.0 - SQL Injection

Exploit Title: Clcknshop 1.0.0 - SQL Injection; Exploit Author: CraCkEr; Date: 16/08/2023; Vendor: Infosoftbd Solutions; Vendor Homepage: https://infosoftbd.com/; Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/; Demo: https://kidszone.clckn.shop/; Version: 1.0.0; Tested on: Window...

CVSS 9.8 · AI score 9.9 · EPSS 0.45639
Exploits: 3