Doctor Appointment System SQL Injection Vulnerability (CNVD-2021-22960)
Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL blind injection vulnerability exists in contactus.php in Doctor Appointment System 1.0. An attacker can exploit this vulnerability to insert malicious SQL queries via the firstname parameter...
SQL injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter...
SQL injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...
CVE-2021-27319
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...
CVE-2021-27316
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter...
CVE-2021-27315
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter...
CVE-2021-27314
SQL injection in admin.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
SQL injection
SQL injection in admin.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
Doctor Appointment System SQL Injection Vulnerability (CNVD-2021-39522)
Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL injection vulnerability exists in admin.php in Doctor Appointment System 1.0, which can be exploited to insert a malicious SQL query via the username parameter on the login page...
CVE-2021-27314
SQL injection in admin.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page...
CVE-2020-21180
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page...
SQL injection
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page...
SQL injection
Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates value...
phpMyAdmin SQL Injection Vulnerability (CNVD-2021-45286)
phpMyAdmin is a web-based, open source management tool for MySQL and MariaDB, written in PHP. A SQL injection vulnerability exists in SearchController in phpMyAdmin. An attacker can exploit this vulnerability to inject malicious SQL into queries...
SQL injection
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/deviceentities.php?entitytype=netscalervsvr&devicei...
SQL Injection
Apache SkyWalking is vulnerable to SQL injection. The function getLinearIntValues in H2MetricsQueryDAO.java does not sanitize the user-provided ID parameter to the SQL query StringBuilder when H2/MySQL/TiDB is used as storage, allowing an attacker to provide arbitrary string to construct maliciou...
CVE-2020-9402
A SQL-injection flaw was found in python-django, where GIS functions and aggregates in Oracle did not correctly neutralize tolerance-parameter data. A remote attacker could use this flaw to submit crafted data to inject malicious SQL. Mitigation: There is no known mitigation for this issue, the fl...
SQL injection in Django
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
SQL injection
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
SQLite report about CVE-2020-11655
Malicious SQL statement causes a read using an uninitialized pointer and denial-of-service.