20 matches found

Nuclei
added yesterday, 15 views

XWiki - HQL Injection

XWiki is vulnerable to Hibernate Query Language (HQL) injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potential...

CVSS 9.3, AI score 6.6, EPSS 0.0224
Exploits 0, References 2
VulnCheck KEV
added 2025/11/27 12:00 a.m., 4 views

VulnCheck KEV: CVE-2025-52472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

CVSS 9.3, AI score 5.7, EPSS 0.0224
In wild; Exploits 0, References 2
RedhatCVE
added 2025/10/20 6:23 p.m., 3 views

CVE-2025-11912

A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

CVSS 8.8, AI score 6.5, EPSS 0.0045
Exploits 1, References 1
RedhatCVE
added 2025/10/20 6:23 p.m., 10 views

CVE-2025-11909

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

CVSS 8.8, AI score 6.4, EPSS 0.0045
Exploits 1, References 1
RedhatCVE
added 2025/10/20 6:23 p.m., 4 views

CVE-2025-11910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

CVSS 8.8, AI score 6.5, EPSS 0.0045
Exploits 1, References 1
OSV
added 2025/10/17 8:15 p.m., 4 views

CVE-2025-11912

A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

CVSS 8.8, AI score 5.7
Exploits 0, References 4
NVD
added 2025/10/17 8:15 p.m., 5 views

CVE-2025-11912

A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.do?Action=Query. This manipulation of the argument orderField causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

CVSS 8.8, EPSS 0.0045
Exploits 1, References 4
OSV
added 2025/10/17 8:15 p.m., 2 views

CVE-2025-11910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

CVSS 8.8, AI score 5.7, EPSS 0.0045
Exploits 1, References 4
Cvelist
added 2025/10/17 7:32 p.m., 11 views

CVE-2025-11910 Shenzhen Ruiming Technology Streamax Crocus MemoryState.do query sql injection

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.do?Action=Query. The manipulation of the argument orderField leads to sql injection. It is possible to initiate the attack remotely. The explo...

CVSS 6.5, EPSS 0.0045
Exploits 1, References 4
Snyk
added 2025/10/06 8:16 p.m., 3 views

SQL Injection

Overview org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL...

CVSS 9.8, AI score 8, EPSS 0.0224
Exploits 0, References 2
EUVD
added 2025/10/06 8:16 p.m., 4 views

EUVD-2025-32540

XWiki Platform is vulnerable to HQL injection via wiki and space search REST API...

CVSS 9.3, AI score 6.7, EPSS 0.0224
Exploits 0, References 5
Snyk
added 2025/10/06 8:16 p.m., 3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation. Remediation Upgrade...

CVSS 9.8, AI score 8, EPSS 0.0224
Exploits 0, References 2
NVD
added 2025/10/06 3:16 p.m., 5 views

CVE-2025-52472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

CVSS 9.3, EPSS 0.0224
Exploits 0, References 4
Vulnrichment
added 2025/10/06 2:53 p.m., 2 views

CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

CVSS 9.3, AI score 6.8, EPSS 0.0224
Exploits 0, References 4
Cvelist
added 2025/10/06 2:53 p.m., 12 views

CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

CVSS 9.3, EPSS 0.0224
Exploits 0, References 4
CVE
added 2025/10/06 2:53 p.m., 54 views

CVE-2025-52472

XWiki Platform is vulnerable to Hibernate Query Language (HQL) injection in the wiki/space search REST API. Affected versions are 4.3-milestone-1 up to but not including 16.10.9, 17.4.2, and 17.5.0. The vulnerability arises from the orderField parameter, where the value is inserted twice in the q...

CVSS 9.3, AI score 6.8, EPSS 0.0224
In wild; Exploits 0, References 4
SUSE CVE
added 2023/02/15 3:59 a.m., 2 views

SUSE CVE-2020-11095

In FreeRDP before version 2.1.2, an out-of-bounds read occurs, resulting in access to a memory location outside the boundaries of the static array PRIMARYDRAWINGORDERFIELDBYTES. This is fixed in version 2.1.2...

CVSS 5.4, AI score 6.8, EPSS 0.01457
Exploits 0, References 7
BDU FSTEC
added 2021/03/15 12:00 a.m., 6 views

The vulnerability of the PRIMARY_DRAWING_ORDER_FIELD_BYTES function in the FreeRDP remote desktop protocol implementation involves reading data beyond the allowed buffer limit. This allows attackers to access confidential data and cause service interruptions.

The vulnerability of the PRIMARYDRAWINGORDERFIELDBYTES function in the FreeRDP remote desktop protocol implementation is related to reading data beyond the allowable buffer size. Exploiting this vulnerability can allow an attacker to access confidential data and also cause service interruptions...

CVSS 5.5, AI score 7.1, EPSS 0.01457
Exploits 0, References 13, Affected Software 5
CNVD
added 2020/07/24 12:00 a.m., 3 views

MunkiReport SQL Injection Vulnerability (CNVD-2020-42246)

Munkireport is a reporting tool for the Munki software management program. A SQL injection vulnerability exists in the TableQuery.php file in MunkiReport versions prior to 5.6.3. The vulnerability can be exploited by an attacker to execute arbitrary SQL commands by sending a POST request to...

CVSS 8.8, AI score 8.5, EPSS 0.01234
Exploits 0, References 1
OSV
added 2020/06/22 10:15 p.m., 0 views

UBUNTU-CVE-2020-11097

In FreeRDP before version 2.1.2, an out-of-bounds read occurs, resulting in access to a memory location outside the boundaries of the static array PRIMARYDRAWINGORDERFIELDBYTES. This is fixed in version 2.1.2...

CVSS 5.4, AI score 6.8, EPSS 0.01457
Exploits 0, References 5