46063 matches found
Authentication Bypass by Primary Weakness
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the SOAP API due to improper type checking on the password parameter. An attacker can gain unauthorized access to user accounts by sending a crafted...
CVE-2026-30849
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...
CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...
CVE-2026-30849
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...
CVE-2026-30849
The CVE affects MantisBT (open source issue tracker) prior to version 2.28.1 when run on MySQL databases. It enables an authentication bypass via the SOAP API due to improper type checking on the password parameter, allowing an attacker who knows a victim’s username to log in without the password...
CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...
CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...
PT-2026-27178
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker versions prior to 2.28.1 Description Mantis Bug Tracker is an open source issue tracker. Instances running on MySQL family databases are affected by an authentication bypass in the SOAP API due to improper type checking on t...
CVE-2019-25576
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
CVE-2019-25576
CVE-2019-25576 affects Kepler Wallpaper Script 1.1 and is described as an SQL injection in the category parameter. An unauthenticated attacker can send GET requests with URL-encoded SQL UNION statements to retrieve data such as usernames, database names, and MySQL version details. The connected s...
PT-2026-26924
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Summary Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...
GHSA-8CPQ-38P9-67GX Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Summary Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an attacker can use a backslash to escape the trailing quote of a string...
SQL Injection
Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and single quotes, which are not...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949
SQLBot is vulnerable prior to version 1.7.0 to an SSRF leading to arbitrary local-file reads. An attacker can abuse /api/v1/datasource/check by supplying a forged MySQL data source with extraJdbc="local_infile=1". During connectivity verification, a rogue MySQL server issues a malicious LOAD DATA...
EUVD-2026-13541
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
PT-2026-26761
Name of the Vulnerable Software and Affected Versions Kysely versions 0.28.12 through 0.28.13 Description Kysely's sanitizeStringLiteral method inadequately handles backslashes when escaping single quotes, leading to potential SQL injection in MySQL databases with the default BACKSLASH ESCAPES SQ...
PT-2026-26762
Name of the Vulnerable Software and Affected Versions Kysely versions prior to 0.28.14 Description Kysely's DefaultQueryCompiler.sanitizeStringLiteral function inadequately escapes backslashes when handling string literals. Specifically, it only doubles single quotes but does not address...