Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the MilvusVectorStoredoDeleteList implementation. An attacker can inject filter...

CVE-2022-25406

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in deletequery.php via the DELETESTR parameter...

CVE-2024-10601

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument whererepeat leads to sql injection. The attack can be...

CVE-2023-5782

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/deletequery.php of the component General News. The manipulation of the argument NEWSID leads to sql injection. The exploit has been disclosed to the publ...

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A SQL injection vulnerability exists in TONGDA Office Anywhere V11.10 and earlier, v2017, which originates from an unknown function /manage/deletequery.php in the component General News, which causes an SQL injection via the parameter...

Video List Manager <= 1.7 - Admin+ SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin SELECT query: 1. Log in as admin. 2. Visit the following path on the site:...

Tongda2000 SQL注入漏洞

Tongda2000 is a web-based intelligent office system from Tongda, China. a SQL injection vulnerability exists in Tongda2000 v11.10, which stems from the product's failure to effectively filter the special characters in the DELETESTR parameter data in the deletequery.php file. An attacker could...

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1...

ArangoDB Community Edition 3.4.2-1 Cross Site Scripting

Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1 Introduction ArangoDB is a native multi-model, open-source databa...

Joomla! VirtueMart component &lt;= 2.0.22a - SQL Injection

------------------------------------------------------------ Joomla! VirtueMart component = 2.0.22a - SQL Injection ------------------------------------------------------------ == Description == - Software link: http://www.virtuemart.net/ - Affected versions: All versions between 2.0.8 and 2.0.22...

Joomla! Component com_virtuemart 2.0.22a - SQL Injection

------------------------------------------------------------ Joomla! VirtueMart component = 2.0.22a - SQL Injection ------------------------------------------------------------ == Description == - Software link: http://www.virtuemart.net/ - Affected versions: All versions between 2.0.8 and 2.0.22...

Phoenix View CMS Pre Alpha2 - SQL Injection Local File Inclusion Cross-Site Scripting

Phoenix View CMS Pre Alpha2 - SQL Injection Local File Inclusion Cross-Site Scripting Phoenix View CMS = Pre Alpha2 Multiple Vulnerabilities LFISQLIXSS Found by : tw8 Date : 8.05.2008 Website && Forum : http://rstzone.org && http://rstzone.org/forum/ Bug type : LFI, SQLI & XSS Affected software...