CVE-2020-26668

A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...

DIAEnergie 1.10 SQL Injection

DIAEnergie version 1.10 proof of concept remote SQL injection exploit. ============================================================================================================================================= | Title : DIAEnergie 1.10 PHP Code Injection Vulnerability | | Author : indoushka | ...

Devtron has SQL Injection in CreateUser API

Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...

GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API

Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...

LF Edge eKuiper has a SQL Injection in sqlKvStore

Summary A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. Details I will use explainRuleHandler "/rules/name/explain" as an example to illustrate. However, this vulnerability also exists in other methods such as...

SQL Injection

francoisjacquet/rosariosis is vulnerable to SQL injection. It does not escape the input DB identifier in RegistrationSave.fnc.php, Calendar.php, MarkingPeriods.php, SchoolFields.php, AddressFields.php, PeopleFields.php, StudentFields.php & UserFields.php, allowing an attacker to inject malicious...

CVE-2020-26668

A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...

Sql injection

A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...

CVE-2020-26668

A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...

Doctor Appointment System SQL Injection Vulnerability (CNVD-2021-39522)

Doctor Appointment System is a PHP/MySQLi based doctor appointment system. A SQL injection vulnerability exists in admin.php in Doctor Appointment System 1.0, which can be exploited to insert a malicious SQL query via the username parameter on the login page...