4 matches found
CVE-2023-26443
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
CVE-2023-26443
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
Sql injection
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
PT-2023-20636 · Ox Software Gmbh +1 · Ox App Suite +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns a full-text autocomplete search that allows user-provided SQL syntax to be injected into SQL statements. Despite existing sanitization, this can be exploited to trigger...