14 matches found

OSV
added 2025/10/07 1:15 p.m., 1 view

CVE-2025-40885

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...

6.5 CVSS, 6.1 AI score, 0.00022 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:37 p.m., 2 views

EUVD-2025-32871

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data...

6 CVSS, 7.5 AI score, 0.00022 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2003-0393

Malware in sbrugna...

6.4 CVSS, 6.4 AI score, 0.00543 EPSS
Exploits: 0, References: 5

Cvelist
added 2023/03/02 6:17 p.m., 11 views

CVE-2023-26473 XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other th...

6.5 CVSS, 6.9 AI score, 0.00098 EPSS
Exploits: 1, References: 2

OSV
added 2021/07/03 11:03 a.m., 1 view

OESA-2021-1252 sqlite security update

SQLite is a C-language library that implements a small, fast, self-contained, high-reliability, full-featured, SQL database engine. SQLite is the most used database engine in the world. SQLite is built into all mobile phones and most computers and comes bundled inside countless other applications...

5.5 CVSS, 8 AI score, 0.00771 EPSS
Exploits: 0, References: 2

OSV
added 2021/03/23 5:15 p.m., 1 view

ALPINE-CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality src/select.c. This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerabilit...

5.5 CVSS, 7.7 AI score, 0.00771 EPSS
Exploits: 0, References: 1

Veracode
added 2020/04/10 12:53 a.m., 32 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld...

4 CVSS, 4.4 AI score, 0.03155 EPSS
Exploits: 1, References: 28, Affected Software: 1

Prion
added 2017/12/14 3:29 p.m., 12 views

Design/Logic Flaw

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to...

6.5 CVSS, 8.6 AI score, 0.00194 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2017/12/14 3:00 p.m., 15 views

CVE-2017-5663

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to...

8.7 AI score, 0.00194 EPSS
Exploits: 0, References: 1

CVE
added 2017/12/14 3:00 p.m., 43 views

CVE-2017-5663

CVE-2017-5663 affects Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating. An authenticated user with read permissions on client/loan/center/staff/group can inject malicious SQL into SELECT queries via the sqlSearch parameter across several endpoints where input is appended d...

8.8 CVSS, 8.6 AI score, 0.00194 EPSS
Exploits: 0, References: 1, Affected Software: 1

Drupal
added 2016/11/16 12:00 a.m., 654 views

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005

Description: Inconsistent name for term access query (Less critical - Drupal 7 and Drupal 8). Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing...

4.3 CVSS, 6.2 AI score, 0.00215 EPSS
Exploits: 0, References: 28

exploitpack
added 2011/02/10 12:00 a.m., 11 views

LocatePC 1.05 (Ligatt Version + Others) - SQL Injection

LocatePC 1.05 Ligatt Version + Others - SQL Injection
Affected Software: LocatePC 1.05
Consequences: Arbitrary SELECT queries against the LocatePC and "mysql" database. The LocatePC database contains enough information to stalk all users of the software. It may be possible to instruct the softwar...

8.6 AI score
Exploits: 0

Tenable Nessus
added 2007/05/10 12:00 a.m., 33 views

GLSA-200705-11 : MySQL: Two Denial of Service vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200705-11 (MySQL: Two Denial of Service vulnerabilities). mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when...

2.1 CVSS, 8.6 AI score, 0.00061 EPSS
Exploits: 1, References: 3

NVD
added 2003/07/02 4:00 a.m., 10 views

CVE-2003-0399

Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgncreds cookie to an arbitrary value and directly accessing the save template...

6.4 CVSS, 6.9 AI score, 0.00543 EPSS
Exploits: 0, References: 4