CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

UBUNTU-CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

CVE-2018-25357 Dolibarr ERP CRM 7.0.3 Remote Code Execution via install/step1.php

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

CVE-2018-25357

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability. An unauthenticated attacker can inject PHP into the db_name parameter via a POST to install/step1.php , then trigger code execution through the check.php endpoint using the cmd parameter. The CVE documents indicate a critical ...

EUVD-2018-21879

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...

EUVD-2020-11431

Malware in sbrugna...

EUVD-2023-57550

Malicious code in bioql PyPI...

CVE-2020-19527

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...

CVE-2023-5221

ForU CMS contains a code injection vulnerability in /install/index.php via manipulation of the db_name argument. The issue allows remote code execution and has been publicly disclosed. Impact is tied to confidentiality, integrity, and availability at HIGH/CRITICAL levels per CVE-2023-5221, with m...

CVE-2023-30556

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the optimizesqltuningadvisor method of sqloptimize.py. User input comin...

Sql injection

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...

Sql injection

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the optimizesqltuningadvisor method of sqloptimize.py. User input comin...

Sql injection

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are subject to SQL injection in the explain method in sqloptimize.py. User input coming from the dbname...

CVE-2023-30558

CVE-2023-30558 affects Archery, an open source SQL audit platform. The vulnerability arises from multiple SQL injection flaws in the sql/data_dictionary.py table_list endpoint, where untrusted input from the db_name parameter is concatenated into SQL queries and passed to database engines. Affect...

CVE-2023-30557 SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...

CVE-2023-30557 SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...

CVE-2023-30556 SQL injection in sql_optimize.py optimize_sqltuningadvisor method in Archery - GHSL-2022-107

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the optimizesqltuningadvisor method of sqloptimize.py. User input comin...

CVE-2020-19527

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...

Design/Logic Flaw

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...