107 matches found

Veracode
added 2025/02/03 3:57 a.m., 5 views

SQL Injection

snowflake-connector-python is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in a function from the snowflake.connector.pandas_tools module, allowing malicious SQL code to be injected and executed...

CVSS 7 | AI score 7.8 | EPSS 0.00189
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2025/02/03 12:0 a.m., 8 views

CVE-2024-57238

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/procget endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the orderby parameter...

EPSS 0.00054
Exploits: 0 | References: 2

Cvelist
added 2025/01/23 12:0 a.m., 12 views

CVE-2024-57328

A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access...

EPSS 0.00025
Exploits: 1 | References: 1

GitHub Security Blog
added 2024/11/07 5:14 p.m., 23 views

Devtron has SQL Injection in CreateUser API

Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...

CVSS 8.8 | AI score 8.2 | EPSS 0.00417
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2024/11/07 5:14 p.m., 12 views

GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API

Summary: An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details: The API is CreateUser /orchestrator/user. The function to read user input is:...

CVSS 8.7 | AI score 8.6 | EPSS 0.00417
Exploits: 1 | References: 4

Veracode
added 2024/11/06 11:16 a.m., 16 views

SQL Injection

funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to improper input handling in the /curd/table/fieldlist endpoint, allowing attackers to inject malicious SQL queries...

CVSS 9.8 | AI score 7.5 | EPSS 0.00188
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2024/10/21 8:15 p.m., 11 views

CVE-2024-48509

Learning with Texts LWT 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...

CVSS 9.8 | EPSS 0.00224
Exploits: 0 | References: 1

GitHub Security Blog
added 2024/08/20 8:4 p.m., 25 views

LF Edge eKuiper has a SQL Injection in sqlKvStore

Summary: A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. Details: I will use explainRuleHandler "/rules/name/explain" as an example to illustrate. However, this vulnerability also exists in other methods such as...

CVSS 8.8 | AI score 8.3 | EPSS 0.01934
Exploits: 1 | References: 5 | Affected Software: 2

Veracode
added 2024/07/10 7:36 a.m., 7 views

SQL Injection

zendframework/zendframework1 is vulnerable to SQL Injection. The vulnerability is due to the improper handling of SQL expressions and comments in the ORDER BY and GROUP BY clauses. Attackers can exploit this vulnerability by injecting malicious SQL code that can alter the intended SQL query and...

AI score 8.2
Exploits: 0

CVE
added 2024/06/07 12:56 p.m., 68 views

CVE-2024-36673

CVE-2024-36673 affects Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0. The vulnerability is an SQL Injection in login.php caused by inadequate validation of the email and password inputs, enabling injection of malicious SQL queries. Documented impact is high for confidentiality, i...

CVSS 9.8 | AI score 7.8 | EPSS 0.00104
Exploits: 1 | References: 1 | Affected Software: 1

F5 Networks
added 2024/05/08 12:51 p.m., 41 views

K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026

Security Advisory Description: An SQL injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-26026. Impact: An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API URI. This vulnerability...

CVSS 7.5 | AI score 9.9 | EPSS 0.89497
Exploits: 0

Veracode
added 2023/12/28 8:43 a.m., 34 views

SQL Injection

Cacti is vulnerable to SQL Injection. The vulnerability is due to a lack of input sanitization in the pollers.php script. This allows an attacker to potentially execute malicious SQL code, resulting in a SQL injection...

CVSS 8.8 | AI score 7.3 | EPSS 0.91404
Exploits: 4 | References: 6 | Affected Software: 1

Prion
added 2023/12/04 1:15 p.m., 12 views

SQL injection

SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements...

CVSS 5 | AI score 8.3 | EPSS 0.00151
Exploits: 1 | References: 2 | Affected Software: 1

HackerOne
added 2023/11/28 5:25 p.m., 19 views

Mars: Blind SQL Injection on █████ via URI Path

The vulnerability involved a time-based SQL injection attack on the target system via the URI path. The attack capitalized on vulnerabilities in the application's interactions with the database, allowing the attacker to extract information by purposefully delaying database processing and observin...

AI score 8
Exploits: 0

CNVD
added 2023/08/14 12:0 a.m., 18 views

Hospital Management System SQL Injection Vulnerability (CNVD-2023-64629)

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...

CVSS 9.8 | AI score 7.8 | EPSS 0.00092
Exploits: 1 | References: 1

Veracode
added 2023/08/11 10:13 a.m., 8 views

SQL Injection

trytond is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in modelsql.py, allowing an authenticated attacker to inject and execute malicious SQL queries into the system when reading fields without an SQL type...

AI score 7.5
Exploits: 0

Veracode
added 2023/03/12 12:58 p.m., 16 views

SQL Injection

jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in the building block report component, allowing an authenticated attacker to inject and execute malicious SQL queries, leading to Sensitive Information Disclosure...

CVSS 8.8 | AI score 8.7 | EPSS 0.00379
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2022/11/28 1:15 p.m., 12 views

SQL injection

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVSS 7.5 | AI score 9.7 | EPSS 0.01988
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2022/11/28 3:57 a.m., 15 views

SQL Injection

jeecg-boot-base-core is vulnerable to SQL injection. The vulnerability exists because the filterContent function of SqlInjectionUtil.java does not properly replace the value parameter, allowing an attacker to inject and execute malicious SQL queries...

CVSS 9.8 | AI score 9.7 | EPSS 0.00285
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2022/06/14 8:58 a.m., 21 views

SQL Injection

francoisjacquet/rosariosis is vulnerable to SQL injection. It does not escape the input DB identifier in RegistrationSave.fnc.php, Calendar.php, MarkingPeriods.php, SchoolFields.php, AddressFields.php, PeopleFields.php, StudentFields.php & UserFields.php, allowing an attacker to inject malicious...

CVSS 9.1 | AI score 9.4 | EPSS 0.00809
Exploits: 1 | References: 2 | Affected Software: 1