3898 matches found

Positive Technologies
added 2023/04/18 12:0 a.m. · 5 views

PT-2023-9169 · Unknown · Schuhfried

Name of the Vulnerable Software and Affected Versions: SCHUHFRIED version 8.22.00 Description: The issue is related to the use of hardcoded credentials in the SCHUHFRIED system, which can be exploited by a remote attacker to obtain access to protected information using a specially crafted curl...

CVSS 9.8 · AI score 9.1 · EPSS 0.00805
Exploits: 1 · References: 8
CNNVD
added 2023/04/11 12:0 a.m. · 4 views

ShipStation Security Vulnerability

ShipStation is an e-commerce retail order carrier processing and shipping software from ShipStation. A security vulnerability exists in ShipStation version 1.1 and prior versions that stems from unchecked access to an endpoint, allowing a remote attacker to insert arbitrary information into the...

CVSS 3.7 · AI score 5.3 · EPSS 0.00633
Exploits: 1 · References: 3
CNNVD
added 2023/04/08 12:0 a.m. · 4 views

Online Computer and Laptop Store SQL Injection Vulnerability

Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to a SQL injection vulnerability, which stems from the lack of validation of external input SQL statements in the parameter email of...

CVSS 9.8 · AI score 8.2 · EPSS 0.008
Exploits: 1 · References: 4
CNNVD
added 2023/04/05 12:0 a.m. · 3 views

Online Payroll System SQL Injection Vulnerability

Online Payroll System is a system for distributing payroll online. Online Payroll System is vulnerable to SQL injection, which can be exploited by attackers to submit special SQL requests to manipulate the database and obtain sensitive information...

CVSS 9.8 · AI score 7.3 · EPSS 0.00808
Exploits: 1 · References: 4
Positive Technologies
added 2023/04/03 12:0 a.m. · 6 views

PT-2023-17225

Name of the Vulnerable Software and Affected Versions Akbim Computer Panon versions prior to 1.0.2 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations F...

CVSS 9.8 · AI score 7.4 · EPSS 0.00704
Exploits: 0 · References: 6
OSV
added 2023/03/27 8:33 p.m. · 25 views

CVE-2023-28630 Sensitive information disclosure possible on misconfigured failed backups of non-H2 databases in gocd

GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally...

CVSS 4.2 · AI score 5 · EPSS 0.00254
Exploits: 0 · References: 6
CVE
added 2023/03/27 8:33 p.m. · 48 views

CVE-2023-28630

CVE-2023-28630 affects GoCD versions 20.5.0 through 23.1.0. When backups are enabled but the server cannot access the required backup binaries (pg_dump for PostgreSQL or mysqldump for MySQL), a failure to launch the backup utility can leak the plaintext database password in admin alerts. The flaw...

CVSS 4.4 · AI score 4.6 · EPSS 0.00254
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2023/03/27 12:0 a.m. · 5 views

HGiga MailSherlock SQL Injection Vulnerability

Hgiga MailSherlock is an enterprise email audit system from China Henderson Technology Hgiga. A SQL injection vulnerability exists in HGiga MailSherlock version 4.5, which stems from a query function that does not adequately validate user input. An attacker can exploit this vulnerability by...

CVSS 7.2 · AI score 7.4 · EPSS 0.00928
Exploits: 0 · References: 2
Positive Technologies
added 2023/03/22 12:0 a.m. · 4 views

PT-2023-17093 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.19 Description: The issue allows an attacker to perform SQL injection, potentially leading to full database access and possibly remote code execution (RCE) if the WEBROOT path is known. Recommendations: Fo...

CVSS 8.8 · AI score 7.4 · EPSS 0.65115
Exploits: 1 · References: 10
OSV
added 2023/03/21 5:15 p.m. · 3 views

CVE-2023-25684

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2
OSV
added 2023/03/21 5:15 p.m. · 4 views

CVE-2023-1306

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

CVSS 8.8 · AI score 7.4 · EPSS 0.01208
Exploits: 1 · References: 2
Positive Technologies
added 2023/03/21 12:0 a.m. · 5 views

PT-2023-20243 · Ibm · Ibm Security Guardium Key Lifecycle Manager

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 3.0 through 4.1.1 Description: The issue allows a remote attacker to send specially crafted SQL statements, which could enable the attacker to view, add, modify, or delete information in th...

CVSS 9.8 · AI score 9.5 · EPSS 0.00971
Exploits: 0 · References: 5
OSV
added 2023/03/19 1:15 a.m. · 2 views

CVE-2023-26905

An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id...

CVSS 9.8 · AI score 7.3 · EPSS 0.00752
Exploits: 1 · References: 1
CNNVD
added 2023/03/14 12:0 a.m. · 4 views

Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices. A SQL injection vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which stems from the fact that the audit logs of affected applications are vulnerable to SQ...

CVSS 8.8 · AI score 8.3 · EPSS 0.00805
Exploits: 0 · References: 2
Veracode
added 2023/03/11 11:58 p.m. · 17 views

Insecure Direct Object Reference

wallabag/wallabag is vulnerable to Insecure Direct Object Reference. The vulnerability is due to improper authentication checks in the addTagFormAction function of TagController.php which allows an admin authenticated remote attacker to add tags and get direct access to objects in the internal...

CVSS 5.3 · AI score 5.6 · EPSS 0.00498
Exploits: 1 · References: 5 · Affected Software: 1
Vulnrichment
added 2023/03/02 6:17 p.m. · 9 views

CVE-2023-26473 XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other th...

CVSS 6.5 · AI score 7.4 · EPSS 0.00637
Exploits: 1 · References: 2
CVE
added 2023/03/02 6:17 p.m. · 58 views

CVE-2023-26473

XWiki Platform (the affected product) has a vulnerability CVE-2023-26473 where, starting in version 1.3-rc-1, any user with edit rights can execute arbitrary database SELECT queries and access data stored in the database. The issue has been patched in XWiki 13.10.11, 14.4.7, and 14.10, and there ...

CVSS 6.5 · AI score 6.7 · EPSS 0.00637
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2023/03/02 6:17 p.m. · 28 views

CVE-2023-26473 XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other th...

CVSS 6.5 · AI score 6.7 · EPSS 0.00637
Exploits: 1 · References: 4
Positive Technologies
added 2023/03/02 12:0 a.m. · 3 views

PT-2023-20664 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 1.3-rc-1 through 13.10.10 XWiki Platform versions 14.4.0 through 14.4.6 XWiki Platform versions 14.10.0 Description: XWiki Platform is a generic wiki platform where any user with edit right can execute arbitrary databa...

CVSS 6.5 · AI score 6.6 · EPSS 0.00637
Exploits: 1 · References: 9
CNNVD
added 2023/03/02 12:0 a.m. · 5 views

XWiki Platform Security Vulnerability

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that originates from the fact that any user with editing privileges can execute arbitrary database selections and access data...

CVSS 6.5 · AI score 6.8 · EPSS 0.00637
Exploits: 1 · References: 3