CVE-2021-24858

The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection...

CVE-2022-22055

The Le-yan dental management system contains an SQL-injection vulnerability. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to acquire administrator’s privilege and perform arbitrary operations on the system or disrupt service...

Sql injection

An exploitable SQL injection vulnerability exist in the ‘grouplist’ page of the Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or...

CVE-2021-43157

Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cartremove.php...

Projectworlds Hospital Management System SQL注入漏洞

Projectworlds Hospital Management System is a hospital management system from Projectworlds Austria. version 1.0 of Projectworlds Hospital Management System is vulnerable to SQL injection, which can be exploited by attackers to compromise database system and in some cases use this vulnerability t...

Jackalope Doctrine-DBAL SQL注入漏洞

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR that uses a relational database to persist data. Jackalope Doctrine-DBAL suffers from a SQL injection vulnerability that stems from the software's lack of effective filtering for the $property parameter. In the...

PayPal Free Source Code SQL注入漏洞

PayPal Free Source Code is an online registration management system. A security vulnerability exists in PayPal Free Source Code 1.0 online registration management system, which allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter...

Esri Arcgis Server SQL注入漏洞

Esri Arcgis Server is a Web-oriented, enterprise-class software platform that can be used to provide geolocation services from Esri, Inc. Esri ArcGIS Server suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based...

The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss protection software allows a hacker to execute arbitrary SQL code.

The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss Prevention software lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code remotely, using the user management section...

WordPress 插件 SQL注入漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL injection vulnerability that stems from the hmwp get user ip function attempting to retrieve an ip address from multiple headers, including ip address headers that the user can spoof, such...

Advantech R-SeeNet SQL注入漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...

Roundcube Webmail SQL注入漏洞

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. A SQL injection vulnerability exists in Roundcube Webmail, which can be exploited to perform SQL injection via "search" or "searchparams". The followin...

CVE-2021-24772

The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue...

USN-5145-1 postgresql-10, postgresql-12, postgresql-13 vulnerabilities

Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established...

CVE-2020-22223

Stivasoft Phpjabbers Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function...

Hitachi Vantara Pentaho SQL注入漏洞

Hitachi Vantara Pentaho is a service from Hitachi, Japan, for storing and managing data in big data environments. Hitachi Vantara Pentaho suffers from a SQL injection vulnerability that could allow an unauthenticated user to execute arbitrary SQL queries on a Pentaho data source to retrieve data...

Online Student Admission System SQL注入漏洞

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A security vulnerability exists in Online Student Admission System version 1.0, which stems from the software's lack of effective restrictions...

CVE-2021-38481

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

POC-EXP

It is an offensive tool for vulnerability exploitation. The repository contains a collection of exploits and proof-of-concept PoC code for various vulnerabilities. No specific CVE or GHSA IDs are mentioned, but the repository is likely focused on demonstrating exploitation techniques rather than...

SAP Business One SQL注入漏洞

SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 has a SQL injection vulnerability that stems from the lack of effective validation and escaping of SQL statements, which can be exploited by an attacker with business privileges...