Lucene search

17 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-8174

Malware in sbrugna...

CVSS 6.5 · AI score 6.6 · EPSS 0.02646
Exploits 1 · References 6

Github Security Blog
added 2025/09/11 9:31 p.m. · 8 views

Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query tool...

CVSS 3.8 · AI score 7.3 · EPSS 0.00187
Exploits 1 · References 3 · Affected Software 1

Snyk
added 2025/09/11 9:31 p.m. · 3 views

Authorization Bypass Through User-Controlled SQL Primary Key

Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled SQL Primary Key via the Run SQL Query process. An attacker can obtain unauthorized access to restricted data or functions ...

CVSS 6.9 · AI score 7.1 · EPSS 0.00187
Exploits 1 · References 2

OSV
added 2025/09/11 9:31 p.m. · 2 views

GHSA-H8WV-VV58-468H Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query tool...

CVSS 6.5 · AI score 7.2 · EPSS 0.00187
Exploits 1 · References 3

OSV
added 2025/09/11 7:15 p.m. · 2 views

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool...

CVSS 3.8 · AI score 7.6
Exploits 0 · References 1

Tenable Nessus
added 2025/08/19 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1552

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The...

CVSS 8.8 · AI score 7.6 · EPSS 0.11726
Exploits 0 · References 2

CNNVD
added 2025/06/09 12:0 a.m. · 1 view

Redash security vulnerability

Redash is a suite of data integration and analysis solutions from Redash Israel. The product supports data integration, data visualization, query editing and data sharing. A security vulnerability exists in Redash 10.1.0 and 25.1.0 and earlier versions, which stems from a sandboxing issue with th...

CVSS 4.6 · AI score 4.9 · EPSS 0.00244
Exploits 0 · References 6

Snyk
added 2022/06/23 9:25 a.m. · 2 views

Malicious Package

Overview helix-run-query is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

CVSS 9.8 · AI score 7
Exploits 0 · References 3

OSSF Malicious Packages
added 2022/06/20 7:27 a.m. · 3 views

Malicious code in helix-run-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f3bbd6572566ee67b93b08556dbb6c301091b2feb4e310ab55697867517d602 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1

CVE
added 2021/10/19 5:45 p.m. · 42 views

CVE-2021-32664

CVE-2021-32664 (Combodo iTop) is an XSS vulnerability on the run query page when authenticated as administrator. The primary description notes affected versions and fixes: it was resolved in iTop versions 2.6.5 and 2.7.5. Connected sources corroborate iTop-specific issues and mitigations across m...

CVSS 8.1 · AI score 5.3 · EPSS 0.00808
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2021/10/19 5:45 p.m. · 16 views

CVE-2021-32664 Reflected XSS in Combodo/iTop

Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5...

CVSS 8.1 · AI score 7.9 · EPSS 0.00808
Exploits 0 · References 4

CNNVD
added 2021/10/19 12:0 a.m. · 2 views

Combodo iTop cross-site scripting vulnerability

Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iTop...

CVSS 8.1 · AI score 4.9 · EPSS 0.00808
Exploits 0 · References 5

Positive Technologies
added 2021/10/19 12:0 a.m. · 6 views

PT-2021-19842 · Comodo +1 · Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.6.5 Combodo iTop versions prior to 2.7.5 Description: The issue is related to a XSS vulnerability on the "run query" page when logged in as an administrator. This vulnerability has been resolved in versions...

CVSS 9.8 · AI score 6.6 · EPSS 0.25573
Exploits 12 · References 67

CNVD
added 2018/01/10 12:0 a.m. · 2 views

WordPress WP-DBManager plugin Sql Run Query panel file download vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up a personal blog site on a PHP and MySQL server. WP-DBManager, aka Database Manager, is one of its database management plug-ins. Sql Run Query panel is one of the S...

CVSS 6.5 · AI score 7.3 · EPSS 0.02646
Exploits 1 · References 1

Prion
added 2018/01/05 4:29 p.m. · 12 views

Design/Logic Flaw

The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement...

CVSS 4 · AI score 7.3 · EPSS 0.02646
Exploits 1 · References 5 · Affected Software 1

CVE
added 2018/01/05 4:0 p.m. · 38 views

CVE-2014-8336

The WP-DBManager WordPress plugin (pre-2.7.2) contains a vulnerability in the Sql Run Query panel that allows remote read of arbitrary files by exploiting insufficient query restriction, demonstrated via LOAD_FILE in an INSERT statement. Affected product: WP-DBManager plugin for WordPress. Impact...

CVSS 6.5 · AI score 6.5 · EPSS 0.02646
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2018/01/05 4:0 p.m. · 21 views

CVE-2014-8336

The "Sql Run Query" panel in WP-DBManager aka Database Manager plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement...

AI score 6.5 · EPSS 0.02646
Exploits 1 · References 5