3966 matches found

Packet Storm
added 2022/05/23 12:0 a.m., 291 views

Blockchain AltExchanger 1.2.1 SQL Injection

Information
Vulnerability Name: Multiple Remote SQL Injections in Inout Blockchain AltExchanger
Product: Inout Blockchain AltExchanger
Version: 1.2.1
Date: 2022-05-21
Vendor Site: https://www.inoutscripts.com/products/inout-blockchain-altexchanger/
Exploit Detail: ...

0.3 AI score
Exploits: 0
OSV
added 2022/03/30 2:15 a.m., 3 views

CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

9.8 CVSS, 8.7 AI score
Exploits: 0, References: 3
OSV
added 2022/01/13 6:15 p.m., 3 views

CVE-2021-39056

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537...

6.5 CVSS, 5.9 AI score
Exploits: 0, References: 2
Prion
added 2022/01/13 6:15 p.m., 15 views

Design/Logic Flaw

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537...

4 CVSS, 6.5 AI score, 0.00278 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/01/13 6:5 p.m., 12 views

CVE-2021-39056

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service. IBM X-Force ID: 214537...

6.5 CVSS, 6.6 AI score, 0.00278 EPSS
Exploits: 0, References: 2
CNNVD
added 2022/01/13 12:0 a.m., 2 views

IBM i Security Vulnerability

IBM i is a set of operating systems from IBM USA running in IBM Power Systems and IBM PureSystems. IBM i 7.1, 7.2, 7.3 and 7.4 Extended Dynamic Remote SQL server (EDRSQL) has a security vulnerability that could be exploited by an attacker to send specially designed requests to a remotely...

6.5 CVSS, 5.9 AI score, 0.00278 EPSS
Exploits: 0, References: 4
NVD
added 2021/10/22 2:15 p.m., 13 views

CVE-2021-42169

The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code by: oretnom23 is vulnerable to remote SQL-Injection-Bypass-Authentication for the admin account. The parameter username from the login form is not protected correctly and there is no security and escaping fr...

9.8 CVSS, 0.0198 EPSS
Exploits: 1, References: 2
OSV
added 2021/10/15 3:15 p.m., 2 views

CVE-2021-40993

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass...

8.1 CVSS, 7.3 AI score, 0.00242 EPSS
Exploits: 0, References: 1
OSV
added 2021/10/15 2:15 p.m., 2 views

CVE-2021-40992

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass...

7.2 CVSS, 7.1 AI score, 0.00624 EPSS
Exploits: 0, References: 1
CVE
added 2021/10/15 1:36 p.m., 43 views

CVE-2021-40992

Aruba ClearPass Policy Manager (HPE Aruba) has a remote SQL injection vulnerability (CVE-2021-40992). Affected releases: 6.10.x before 6.10.2; 6.9.x before 6.9.7-HF1; 6.8.x before 6.8.9-HF1. The issue could allow an attacker to obtain and modify data in the underlying database. Aruba has released...

7.2 CVSS, 7.3 AI score, 0.00624 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2021/10/15 1:15 p.m., 3 views

CVE-2021-37737

A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass...

8.8 CVSS, 5.9 AI score, 0.00608 EPSS
Exploits: 0, References: 1
OSV
added 2021/07/30 2:15 p.m., 2 views

CVE-2021-36624

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass...

9.8 CVSS, 5.8 AI score, 0.00145 EPSS
Exploits: 1, References: 2
Prion
added 2021/07/30 2:15 p.m., 17 views

SQL injection

PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest unauthenticated can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly...

6.4 CVSS, 9.4 AI score, 0.00699 EPSS
Exploits: 2, References: 3, Affected Software: 1
CNNVD
added 2021/07/30 12:0 a.m., 2 views

Vinades NukeViet SQL Injection Vulnerability

Vinades NukeViet CMS is an open source content management system (CMS) from Vinades, Vietnam. Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the modules/news/admin/addtotopics.php page, which fails to filter special characters in input, and an...

9.8 CVSS, 6 AI score, 0.00571 EPSS
Exploits: 1, References: 4
OSV
added 2021/07/22 5:15 p.m., 1 views

CVE-2021-26229

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to editstud.php...

9.8 CVSS, 7.6 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2021/07/14 12:0 a.m., 60 views

Liferay Portal 7.3.5 SQLi

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByCC, or (2) CommerceChannelRelFinder.findByCC. Note that Nessus has not tested for this issue but has...

8.8 CVSS, 8.3 AI score, 0.00449 EPSS
Exploits: 0, References: 2
OSV
added 2021/07/13 2:15 p.m., 1 views

CVE-2021-33578

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, exfiltrate Structured Query Language (SQL) records, and manipulate data...

9.8 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2021/06/29 12:0 a.m., 3 views

The vulnerability of the update_log function (lib/Cleantalk/ApbctWP/Firewall/SFW.php) in spam protection modules, including AntiSpam and CleanTalk firewall plugins, allows attackers to execute arbitrary SQL queries.

The vulnerability of the update_log function in modules for spam protection, AntiSpam, and CleanTalk firewall plugins is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

7.8 CVSS, 7.6 AI score, 0.40562 EPSS
Exploits: 1, References: 4, Affected Software: 3
OSV
added 2021/06/28 3:15 p.m., 1 views

CVE-2021-35456

Online Pet Shop Web App 1.0 is vulnerable to remote SQL injection and shell upload...

9.8 CVSS, 7.4 AI score, 0.00822 EPSS
Exploits: 0, References: 2
CVE
added 2021/06/28 2:27 p.m., 44 views

CVE-2021-35456

CVE-2021-35456 affects Online Pet Shop Web App 1.0. The issue comprises two flaws: a remote SQL injection vulnerability and a shell upload vulnerability. CNNVD attributes the SQLi to lack of validation of externally entered SQL statements in the application, enabling attackers to execute arbitrar...

9.8 CVSS, 9.8 AI score, 0.00822 EPSS
Exploits: 0, References: 2, Affected Software: 1