678 matches found
CVE-2021-30459
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form...
Rockwell Automation FactoryTalk AssetCentre SQL Injection Vulnerability
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An SQL injection vulnerability exists in Rockwell Automation FactoryTal...
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands...
DEBIAN-CVE-2013-2018
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
EUVD-2013-5777
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary...
CVE-2018-13350
SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter...
Interspire Email Marketer SQL Injection Vulnerability (CNVD-2018-26790)
BigCommerce Interspire Email Marketer (IEM) is a suite of email marketing software from BigCommerce, USA. A SQL injection vulnerability exists in the 'checkduplicatetags' function of Dynamiccontenttags.php in BigCommerce IEM 6.1.6 and earlier versions. A remote attacker can exploit this vulnerabili...
SQL injection
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...
CVE-2017-17920
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...
SQL injection
FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...
CVE-2017-14703
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATHINFO to search/...
CVE-2016-8906
SQL injection vulnerability in the "Site Browser Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-8904
SQL injection vulnerability in the "Site Browser Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
DedeCms: use CSRF to create a file with the Execute SQL statement, getshell process and ideas - vulnerability warning - the black bar safety net
I from spring and autumn, author: Szdny. 00x01 ver.txt version 20160816. Because XAl3r submitted a patch, the latest version can no longer reproduce this, so I specifically asked him for a previous version in order to write this article! Here is the CSRF trigger point, we create a...
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (Execute SQL Query)
Exploit for php platform in category web applications document.forms.csrfpoc.submit; select from user order by User asc limit 20 Host User % exploituser1 -- 0day.today 2018-03-14...
los818 CMS SQL Injection Vulnerability
A sql injection vulnerability exists in los818 Content Management System, which allows remote attackers to execute their own sql commands on the web application or connect to dbms...
SQL Servers SQL Injection Characters Evasion Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
CVE-2015-4634
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter...
CVE-2013-5957
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the value parameter to (1) ajax/jqState or (2) ajax/jqcounty...
CVE-2011-4674
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter...