484 matches found
CVE-2026-0488
CVE-2026-0488 affects SAP CRM and SAP S/4HANA (Scripting Editor) via a flaw in a generic function module call that an authenticated attacker can abuse to execute an arbitrary SQL statement. This can lead to full database compromise with high impact to confidentiality, integrity, and availability....
PT-2026-7203
Name of the Vulnerable Software and Affected Versions SAP CRM and SAP S/4HANA affected versions not specified Description An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor can exploit a flaw in a generic function module call and execute unauthorized critical functionalities...
CVE-2020-37116
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
PT-2026-5861
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...
Openbiz Cubi SQL Injection
Multiple SQL injection vulnerabilities exist in Openbiz Cubi. These vulnerabilities allow remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research added to the archive...
Plikli CMS 4.0.0 Blind SQL Injection
A blind SQL injection vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This is older research added to the archive...
TestLink 1.9.13 SQL Injection
A SQL injection vulnerability exists in TestLink version 1.9.13. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...
CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
EUVD-2021-34753
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47916
...
EUVD-2021-34756
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47916
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2021-34761
Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...
PT-2026-5561
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
PT-2026-5555
Name of the Vulnerable Software and Affected Versions Mult-E-Cart Ultimate version 2.4 Description The software contains multiple SQL injection flaws within the inventory, customer, vendor, and order modules. Attackers with vendor or administrator privileges can exploit the id parameter to execut...
CVE-2022-23694
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...
CVE-2020-7114
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in...
CVE-2020-12429
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/checkavailability.php, admin/index.php, change-password.php, checkavailability.php, includes/header.php,...
CVE-2024-41915
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in...