Astra Linux - уязвимость в mariadb-10.3

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...

CVE-2026-32888

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...

CVE-2026-32888

CVE-2026-32888 affects Open Source Point of Sale (PHP, CodeIgniter). A SQL Injection exists in the Items search functionality when the custom attribute search feature (search_custom) is enabled: user input from the search GET parameter is interpolated directly into a HAVING clause without paramet...

BIT-MARIADB-MIN-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...

BIT-MYSQL-CLIENT-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...

BIT-MARIADB-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...

mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...

mariadb: crash when using HAVING with NOT EXIST predicate in an equality

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemsubselect.cc, affecting availability...

mariadb: crash when using HAVING with IS NULL predicate in an equality

A flaw was found in the MariaDB Server. It contains a segmentation fault via the component, sql/itemcmpfunc.h, impacting availability...

mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...

SUSE CVE-2021-46666

MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause...

Medium: mariadb

Issue Overview: getsortbytable in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. CVE-2021-46657 MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECTLEX::nestlevel is local to each VIEW. CVE-2021-46659 MariaDB through...

Information Disclosure

apachesuperset is vulnerable to Information Disclosure. A remote authenticated attacker with read access to a specific database can add subqueries to the WHERE and HAVING fields, resulting in references to tables on the same database that the attacker should not have access to. The perimeter to...

PT-2023-14020 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the...

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVE-2022-40832

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php having function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVE-2022-40832

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php having function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CodeIgniter SQL注入漏洞

CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the having method in the systemdatabaseDBquerybuilder.php location...

PT-2022-25565 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions =3.1.13 Description: The issue concerns SQL Injection via the having function in the system/database/DB query builder.php file. Note that the validity of this issue has been disputed by multiple third parties...