1369 matches found
CVE-2020-8887
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php aka the server login page...
PT-2020-16096 · Phpgurukul · Phpgurukul Zoo Management System
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 Description: The issue concerns SQL Injection via the "zms/animal-detail.php" endpoint. This allows for potential manipulation of database queries. Recommendations: For PHPGURUK...
ZZCMS 2020 Frontend SQL Injection Vulnerability
ZZCMS is a content management system for Webmaster Merchants. A SQL injection vulnerability exists in the ZZCMS 2020 frontend, which can be exploited by attackers to obtain sensitive information from the database...
GHSA-HXWC-5VW9-2W4W NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized, which leads to execution of code on the database driver and data leak. Recommendation: Upgrade to version 3.6.0 or later...
Remote code execution
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...
CVE-2020-14068
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executarlogin.php...
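The two login-page entries above (Medius/Sentry via the page=login request, MK-AUTH via executarlogin.php) describe the same class of bug: the submitted credentials are spliced into the SQL text. The following is an added example, not code from either product, that runs a string-built login query next to its parameterized replacement against an in-memory SQLite table (the table, the user row and the password are constructed for the demo) and shows both the comment-based authentication bypass and the UNION-based data dump the Medius entry refers to.

```python
"""Login SQL injection: string-built query beside its parameterized fix.
Added example run against SQLite; not the code of any product listed here."""
import sqlite3


def make_db():
    # Constructed sample data: a single account with a password the attacker
    # does not know.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('admin', 's3cret-hunter2')"
    )
    conn.commit()
    return conn


def query_vulnerable(conn, username, password):
    # Attacker-controlled strings are concatenated into the SQL text, so the
    # input can change the structure of the statement, not just its values.
    sql = (
        "SELECT id FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()


def query_parameterized(conn, username, password):
    # Placeholders send the values separately from the statement: a quote or
    # a comment marker in the input stays inside the compared string.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    conn = make_db()
    # Payload 1: close the username literal and comment out the password check.
    bypass = "admin' -- "
    # Payload 2: append a UNION so the result column carries another table's data.
    dump = "x' UNION SELECT password FROM users -- "
    out = {
        "vuln_honest_wrong_pw": query_vulnerable(conn, "admin", "wrong"),
        "vuln_comment_bypass": query_vulnerable(conn, bypass, "wrong"),
        "vuln_union_dump": query_vulnerable(conn, dump, "wrong"),
        "param_comment_bypass": query_parameterized(conn, bypass, "wrong"),
        "param_union_dump": query_parameterized(conn, dump, "wrong"),
        "param_real_creds": query_parameterized(conn, "admin", "s3cret-hunter2"),
    }
    conn.close()
    return out


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

With the vulnerable query the bypass payload returns the admin row with a wrong password, and the UNION payload returns the stored password in the id column; the parameterized query returns nothing for either payload and only matches the real credentials.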
PT-2020-14543 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
SQL Injection Vulnerability in the Frontend of waychar Enrollment System
Waychar Enrollment System is a PHP/MySQL based enrollment system. A SQL injection vulnerability exists in the frontend of waychar enrollment system. An attacker can exploit this vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in BEESCMS Backend ad***_bo***.php Page
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the adbo.php page in the BEESCMS backend. An attacker can exploit the vulnerability to obtain sensitive database information...
SAP Master Data Governance SQL Injection Vulnerability
SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. A SQL injection vulnerability exists in SAP Master Data Governance. An attacker could exploit this vulnerability by executing specially crafted database query...
A vulnerability in the template_id handling of the Cacti server monitoring system, caused by a lack of measures protecting the structure of the SQL query, allows attackers to access confidential data.
A vulnerability in the templateid handling of the Cacti server monitoring system is caused by an error in processing template identifiers when a composite value made up of a string and an identifier is supplied. Exploiting this vulnerability could allow an attacker to gain access to confidential da...
Open-AudIT Multiple Vulnerabilities
Advisory ID Internal CORE-2020-0009 1. Advisory Information Title: Open-AudIT Multiple Vulnerabilities Advisory ID: CORE-2020-0009 Advisory URL: https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities Date published: 2020-04-27 Date of last update: 2020-04-24 Vendors...
PT-2020-17812 · Unknown · Ultralog Express
Name of the Vulnerable Software and Affected Versions: UltraLog Express affected versions not specified Description: The issue concerns the UltraLog Express device management interface, which fails to properly filter user-inputted strings in specific parameters. This allows attackers to inject...
Kodak Multimedia Recording and Playback System has SQL Injection Vulnerability
Ltd. is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and video application solutions to help various government and enterprise customers to solve visual communication and management challenges. A SQL injection vulnerability exists in...
CVE-2020-10365
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary...
PT-2020-18345 · Parse · Parse Server
Name of the Vulnerable Software and Affected Versions: parse-server versions prior to 4.1.0 Description: The issue allows fetching all user objects by utilizing regex in the NoSQL query, specifically targeting the sessionToken. This can be achieved through the API endpoint "/parse/users/me" by...
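The loopback-connector-mongodb entry (filters passed to the query unsanitized) and the Parse Server entry (a regex on sessionToken returning every user) are both NoSQL operator injection: the client supplies a filter object, and instead of an equality match the object carries a query operator such as $regex or $ne. The following is an added illustration, not code from either project, using a small in-memory matcher that supports only equality, $regex and $ne; the user records, the field names and the r: token prefix are constructed for the demo. It shows the operator payloads matching every record, a sanitizer that rejects operators and nested values in client-supplied filters, and a session lookup that never lets the client shape the query at all.

```python
"""NoSQL operator injection: client-shaped filter beside two hardened forms.
Added illustration with an in-memory matcher; not loopback's or parse-server's code."""
import re

# Constructed sample collection; the 'r:' token prefix is just for the demo.
USERS = [
    {"username": "alice", "sessionToken": "r:1f9a"},
    {"username": "bob", "sessionToken": "r:77c2"},
    {"username": "carol", "sessionToken": "r:b0d3"},
]


class UnsafeFilter(ValueError):
    """Raised when a client-supplied filter carries query operators."""


def matches(doc, cond):
    """Tiny subset of a MongoDB-style matcher: equality plus $regex and $ne."""
    for field, expected in cond.items():
        value = doc.get(field)
        if isinstance(expected, dict):
            for op, arg in expected.items():
                if op == "$regex":
                    if value is None or not re.search(arg, value):
                        return False
                elif op == "$ne":
                    if value == arg:
                        return False
                else:
                    raise ValueError(f"unsupported operator {op}")
        elif value != expected:
            return False
    return True


def find_vulnerable(where):
    # The filter the client sent is handed to the matcher as-is, operators included.
    return [u["username"] for u in USERS if matches(u, where)]


def sanitize(where):
    """Reject operator keys and nested values so the filter can only express
    equality on scalar values."""
    clean = {}
    for field, expected in where.items():
        if field.startswith("$") or isinstance(expected, (dict, list)):
            raise UnsafeFilter(f"operator or nested value not allowed for {field!r}")
        clean[field] = expected
    return clean


def find_hardened(where):
    return find_vulnerable(sanitize(where))


def who_am_i_hardened(session_token):
    # For a "me" lookup the only legitimate shape is an exact match on the token
    # taken from the request's credentials, so the client never supplies a filter.
    if not isinstance(session_token, str):
        raise UnsafeFilter("session token must be a string")
    return find_vulnerable({"sessionToken": session_token})


def demo():
    legit = {"sessionToken": "r:77c2"}
    regex_payload = {"sessionToken": {"$regex": "^r:"}}
    ne_payload = {"sessionToken": {"$ne": ""}}
    out = {
        "vuln_legit": find_vulnerable(legit),
        "vuln_regex": find_vulnerable(regex_payload),
        "vuln_ne": find_vulnerable(ne_payload),
        "hardened_legit": find_hardened(legit),
        "me_hardened": who_am_i_hardened("r:77c2"),
    }
    for name, payload in (("hardened_regex", regex_payload), ("hardened_ne", ne_payload)):
        try:
            find_hardened(payload)
            out[name] = "matched"
        except UnsafeFilter:
            out[name] = "rejected"
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable path returns all three users for either operator payload while the legitimate filter returns one; the sanitized path rejects both payloads, and the token-based lookup has no client-controlled filter to inject into.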
Users able to query database metadata in Apache Superset
In Apache Incubator Superset before 0.31, a user could query database metadata from a database they have no access to by using a specially crafted complex query...
Simplejobscript.com SJS SQL Injection Vulnerability
Simplejobscript.com SJS is a web-based recruitment application service program. A SQL injection vulnerability exists in Simplejobscript.com SJS; it stems from the application failing to validate externally supplied input before it is used in SQL statements, and can be exploited by an attacker to execute...