Lucene search
K

62 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-47199

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS0.00401EPSS
Exploits0References7
CVE
CVE
added 5 days ago6 views

CVE-2026-47199

Frappe’s check_safe_sql_query could allow SELECT INTO OUTFILE on self-hosted deployments if database permissions align and MySQL FILE privileges are present. Affected versions: prior to 16.18.3 and 15.108.0. Fixed in 16.18.3 and 15.108.0. CVSS v4.0 base score 2.3 (LOW). Impact is limited to confi...

2.3CVSS6.1AI score0.00401EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-47199 Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS0.00401EPSS
Exploits0References7
OSV
OSV
added 5 days ago2 views

CVE-2026-47199 Frappe: check_safe_sql_query Permits SELECT INTO OUTFILE

Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, checksafesqlquery permitted SELECT INTO OUTFILE queries, which could potentially work on self-hosted sites if database permissions are not well aligned and MySQL FILE privileges are available. This issue is fixed in...

2.3CVSS6.1AI score0.00401EPSS
Exploits0References9
OSV
OSV
added 2026/06/16 11:47 a.m.6 views

BIT-MARIADB-MIN-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References13
OSV
OSV
added 2026/06/16 11:47 a.m.4 views

BIT-MARIADB-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References13
OSV
OSV
added 2026/06/12 6:16 p.m.9 views

ALPINE-CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5.3CVSS5.2AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 6:16 p.m.13 views

CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS0.00399EPSS
Exploits0References12
OSV
OSV
added 2026/06/12 5:34 p.m.3 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS5.9AI score0.00399EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/06/12 5:34 p.m.14 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS5.3AI score0.00399EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 5:34 p.m.66 views

CVE-2026-44173

CVE-2026-44173 affects the MariaDB server (community fork of MySQL). From the provided data, the vulnerability allows the FILE privilege to be bypassed for SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE when the FROM clause contains only subqueries. This behavior exists in MariaDB versions ...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References12Affected Software1
EUVD
EUVD
added 2026/06/12 5:34 p.m.11 views

EUVD-2026-36518

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS5.2AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 5:34 p.m.49 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS0.00399EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/12 5:34 p.m.10 views

CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References12
NVD
NVD
added 2026/02/20 11:15 p.m.11 views

CVE-2019-25431

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...

8.8CVSS0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/02/20 10:54 p.m.13 views

CVE-2019-25431

CVE-2019-25431 affects delpino73’s Blue-Smiley-Organizer 1.32. The issue is an SQL injection in the datetime parameter that allows unauthenticated attackers to manipulate queries. Attacks can inject SQL through POST requests to extract sensitive data using boolean-based blind or time-based blind ...

8.8CVSS6AI score0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.4 views

CVE-2022-38614

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter...

7.5CVSS7.1AI score0.00905EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/10 11:5 p.m.5 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS7.6AI score0.00253EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/10 11:5 p.m.24 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/10 11:5 p.m.6 views

EUVD-2025-202171

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS7.4AI score0.00253EPSS
Exploits0References4
Rows per page
Query Builder