1369 matches found

OSV
added 2023/08/09 7:15 p.m. · 2 views

CVE-2022-48596

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8 CVSS · 5.9 AI score · 0.00608 EPSS
Exploits 0 · References 1

OSV
added 2023/08/09 7:15 p.m. · 1 view

CVE-2022-48597

A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8 CVSS · 5.9 AI score · 0.00608 EPSS
Exploits 0 · References 1

OSV
added 2023/08/09 6:15 p.m. · 2 views

CVE-2022-48587

A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

8.8 CVSS · 5.9 AI score · 0.00608 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/08/09 12:0 a.m. · 2 views

PT-2023-15861 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the “reporting job editor” feature of the ScienceLogic SL1. This feature takes unsanitized user-controlled input and passes it directly to a SQL...

8.8 CVSS · 8.8 AI score · 0.00608 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/08/09 12:0 a.m. · 3 views

PT-2023-15868 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the "ticket queue watchers" feature of the ScienceLogic SL1. This feature takes unsanitized user-controlled input and passes it directly to a SQL...

8.8 CVSS · 8.8 AI score · 0.00608 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/08/08 12:0 a.m. · 2 views

PT-2023-25195

Name of the Vulnerable Software and Affected Versions: a2 License Portal System versions prior to 1.48. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...

9.8 CVSS · 7.4 AI score · 0.00519 EPSS
Exploits 0 · References 9

CNNVD
added 2023/08/07 12:0 a.m. · 3 views

BA Gallery SQL Injection Vulnerability in Joomla!

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! BA Gallery that stems from improper neutralization of special elements, which can lead to SQL injection...

9.8 CVSS · 7.4 AI score · 0.00504 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2023/08/03 12:0 a.m. · 2 views

The vulnerability of the PHP platform pimcore, related to the lack of measures taken to protect the SQL query structure, allows attackers to carry out attacks based on SQL injections.

The vulnerability of the PHP platform pimcore is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out attacks based on SQL injections...

9 CVSS · 7.2 AI score · 0.00957 EPSS
Exploits 1 · References 3 · Affected Software 1

CVE
added 2023/07/28 3:25 p.m. · 61 views

CVE-2023-38684

Discourse (open source forum software) is vulnerable in versions prior to 3.0.6 (stable) and 3.1.0.beta7 (beta/tests-passed) where multiple controller actions accept limit parameters without an upper bound, potentially enabling arbitrary users to generate expensive DB queries and exhaust server r...

7.5 CVSS · 6.2 AI score · 0.00531 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/07/26 12:0 a.m. · 3 views

A vulnerability in the clearAlertByIds function of the ProSafe Network Management NMS300 system for managing, diagnosing, and optimizing the operation of network devices allows an attacker to increase their privileges.

The vulnerability of the clearAlertByIds function in the system for managing, diagnosing, and optimizing network device operations is related to the lack of protection for the SQL query structure. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9 CVSS · 7.7 AI score · 0.01293 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2023/07/25 12:0 a.m. · 2 views

Biltay Technology Scienta SQL Injection Vulnerability

Biltay Technology Scienta is a mobile application from Biltay Technology designed for enterprise management. Biltay Technology Scienta suffers from a SQL injection vulnerability that stems from not properly neutralizing special elements. An attacker can exploit this vulnerability to inject...

9.8 CVSS · 8.7 AI score · 0.00519 EPSS
Exploits 0 · References 2

CNNVD
added 2023/07/25 12:0 a.m. · 3 views

Campcodes Beauty Salon Management System SQL Injection Vulnerability

Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes. A SQL injection vulnerability exists in Campcodes Beauty Salon Management System version 1.0, which originates from an unknown function in the file /admin/admin-profile.php that can lead to SQL injection...

7.5 CVSS · 6.8 AI score · 0.00521 EPSS
Exploits 1 · References 4

CNNVD
added 2023/07/22 12:0 a.m. · 4 views

DedeBIZ Cross-Site Scripting Vulnerability

DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A cross-site scripting vulnerability exists in DedeBIZ version 6.2.10, which originates from the presence of an unknown function in the file /admin/syssqlquery.php, resulting in cross-site scripting...

4.8 CVSS · 3.9 AI score · 0.00633 EPSS
Exploits 1 · References 4

OSV
added 2023/07/20 8:15 p.m. · 2 views

CVE-2023-3793

A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql...

9.8 CVSS · 5.7 AI score · 0.00418 EPSS
Exploits 0 · References 2

CNNVD
added 2023/07/16 12:0 a.m. · 2 views

Bylancer QuickOrder SQL Injection Vulnerability

Bylancer QuickOrder is a WhatsApp food ordering plugin from Bylancer. A SQL injection vulnerability exists in Bylancer QuickOrder version 6.3.7, which stems from the presence of an unknown function in the blog in the component GET Parameter Handler, which leads to sql injection via parameter s. T...

9.8 CVSS · 7 AI score · 0.00425 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/07/11 12:0 a.m. · 4 views

The vulnerability of the software for processing and transmitting confidential data in Progress MOVEit Transfer arises from the lack of measures taken to protect the SQL query structure. This allows attackers to circumvent security restrictions, execute arbitrary SQL code, and gain unauthorized access to read, modify, or delete data.

The vulnerability of the software for processing and transmitting confidential data using Progress MOVEit Transfer is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to circumvent security restrictions...

9 CVSS · 8.3 AI score · 0.81531 EPSS
Exploits 0 · References 3 · Affected Software 1

ATTACKERKB
added 2023/06/30 5:15 p.m. · 4 views

CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

9.8 CVSS · 7.3 AI score · 0.00797 EPSS
Exploits 1 · References 3

OSV
added 2023/06/30 5:15 p.m. · 0 views

UBUNTU-CVE-2023-37303

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message...

9.8 CVSS · 7.3 AI score · 0.00797 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/06/26 12:0 a.m. · 6 views

The vulnerability in the GLPI system for handling requests and incidents lies in the improper neutralization of input during the generation of web pages, allowing a malicious user to execute arbitrary SQL queries in the database.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data on search pages. A malicious actor can trick a victim into clicking on a specially created link, allowing arbitrary HTML code and scripts to be executed in the user’s browser...

6.4 CVSS · 6.5 AI score · 0.00766 EPSS
Exploits 0 · References 6 · Affected Software 2

CNNVD
added 2023/06/20 12:0 a.m. · 2 views

PHPOK SQL Injection Vulnerability

PHPOK is an enterprise building system that supports expansion. PHPOK v.5.4 suffers from a SQL injection vulnerability that originates from allowing remote attackers to obtain sensitive information via the userlist function in the framerwork/phpokcall.php file. No detailed vulnerability details a...

7.5 CVSS · 7.6 AI score · 0.00655 EPSS
Exploits 1 · References 2