20 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-17160

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.00224
Exploits 0 | References 2
RedhatCVE
added 2025/04/18 2:25 a.m., 6 views

CVE-2025-29649

SQL Injection vulnerability exists in the TP-Link TL-WR840N router's login dashboard version 1.0, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided...

AI score 7.7
Exploits 1
RedhatCVE
added 2025/04/18 2:18 a.m., 6 views

CVE-2025-29648

SQL Injection vulnerability exists in the TP-Link EAP120 router's login dashboard version 1.0, allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where acces...

AI score 7.6
Exploits 0
RedhatCVE
added 2025/04/18 2:17 a.m., 8 views

CVE-2025-29653

SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields...

AI score 8.7
Exploits 0
Vulnrichment
added 2025/04/16 12:0 a.m., 7 views

CVE-2025-29653

...

AI score 9.5
Exploits 0
CVE
added 2025/04/16 12:0 a.m., 62 views

CVE-2025-29648

CVE-2025-29648 is rejected/not used per the Initial Description.

AI score 7.7
Exploits 0
CVE
added 2025/04/16 12:0 a.m., 52 views

CVE-2025-29653

TP-Link M7450 4G LTE Mobile Wi‑Fi Router is affected by CVE-2025-29653 as reported in multiple sources (Red Hat and PT-2025-16890). The vulnerability is a SQL Injection in firmware version 1.0.2 Build 170306 Rel.1015n, exploitable via the username and password fields. The PT-2025-16890 descriptio...

AI score 7.9
Exploits 0
Vulnrichment
added 2025/04/16 12:0 a.m., 6 views

CVE-2025-29648

...

AI score 7.2
Exploits 0
NVD
added 2024/10/21 8:15 p.m., 10 views

CVE-2024-48509

Learning with Texts LWT 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain...

CVSS 9.8 | EPSS 0.00224
Exploits 0 | References 1
F5 Networks
added 2024/05/08 12:51 p.m., 39 views

K000138733: BIG-IP Next Central Manager SQL Injection vulnerability CVE-2024-26026

Security Advisory Description An SQL injection vulnerability exists in the BIG-IP Next Central Manager API URI. CVE-2024-26026 Impact An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP Next Central Manager API URI. This vulnerability...

CVSS 7.5 | AI score 9.9 | EPSS 0.89497
Exploits 0
Hacker One
added 2023/11/28 5:25 p.m., 18 views

Mars: Blind SQL Injection on █████ via URI Path

The vulnerability involved a time-based SQL injection attack on the target system via the URI path. The attack capitalized on vulnerabilities in the application's interactions with the database, allowing the attacker to extract information by purposefully delaying database processing and observin...

AI score 8
Exploits 0
CNVD
added 2022/03/25 12:0 a.m., 14 views

Synology DiskStation Manager SQL Injection Vulnerability (CNVD-2022-27445)

Synology DiskStation Manager (DSM) is an operating system used on network storage servers (NAS) by Synology Inc. of Taiwan, China. A SQL injection vulnerability exists in Synology DiskStation Manager, which stems from the failure of the product's Log Management function to handle special characters i...

CVSS 9.8 | AI score 4 | EPSS 0.00406
Exploits 0 | References 1
CNVD
added 2022/03/08 12:0 a.m., 28 views

Victor CMS SQL Injection Vulnerability (CNVD-2022-18528)

Victor CMS is an open source content management system from Victor Alagwu, a personal developer in Nigeria. A SQL injection vulnerability exists in Victor CMS v1.0, which stems from the fact that the product does not effectively handle or escape special characters in user input data. An attacker...

CVSS 9.8 | AI score 4 | EPSS 0.00264
Exploits 1 | References 1
CNVD
added 2022/02/16 12:0 a.m., 21 views

Tongda2000 SQL Injection Vulnerability

A SQL injection vulnerability exists in Tongda2000, a web-based intelligent office system from China Tongda, which originates from the dname parameter in the product's exportdata.php file that does not securely handle special characters in user input data. An attacker can execute malicious SQL...

CVSS 9.8 | AI score 5 | EPSS 0.00264
Exploits 1 | References 1
CNVD
added 2022/01/25 12:0 a.m., 17 views

SourceCodester Employee and Visitor Gate Pass Logging System SQL Injection Vulnerability

SourceCodester Employee and Visitor Gate Pass Logging System is a simple web-based employee and visitor pass logging system that provides companies with an automated platform to track or log the daily records of employees and visitors entering a company building or premises. A SQL injection...

CVSS 10 | AI score 4 | EPSS 0.00272
Exploits 1 | References 1
Veracode
added 2020/07/01 3:9 a.m., 38 views

SQL Injection

Apache SkyWalking is vulnerable to SQL injection. The function getLinearIntValues in H2MetricsQueryDAO.java does not sanitize the user-provided ID parameter to the SQL query StringBuilder when H2/MySQL/TiDB is used as storage, allowing an attacker to provide arbitrary string to construct maliciou...

CVSS 7.5 | AI score 4.2 | EPSS 0.94091
Exploits 1 | References 3 | Affected Software 1
NVD
added 2019/11/26 4:15 a.m., 7 views

CVE-2019-15995

A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicio...

CVSS 6.5 | AI score 6.9 | EPSS 0.00548
Exploits 0 | References 1
Prion
added 2017/11/22 7:29 p.m., 13 views

SQL injection

FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...

CVSS 6.5 | AI score 7.3 | EPSS 0.00224
Exploits 0 | References 1 | Affected Software 1
Cisco
added 2015/04/14 9:23 p.m., 33 views

Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability

A vulnerability in the Interactive Voice Response (IVR) interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...

CVSS 5 | AI score 7.5 | EPSS 0.00313
Exploits 0 | References 1
exploitpack
added 2004/07/29 12:0 a.m., 7 views

Comersus Cart 5.0 - SQL Injection

Comersus Cart 5.0 - SQL Injection source: https://www.securityfocus.com/bid/10824/info Comersus Cart is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL...

AI score 0.2
Exploits 0