470 matches found

RedhatCVE
added 2025/05/23 10:26 a.m. · 3 views

CVE-2024-6456

AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted URL...

CVSS 8.5 · AI score 7.8 · EPSS 0.00274
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:10 a.m. · 8 views

CVE-2024-54920

A SQL Injection vulnerability was found in /teachersignup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and classid parameters...

CVSS 9.8 · AI score 8.8 · EPSS 0.01996
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 4:40 a.m. · 2 views

CVE-2023-39980

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

CVSS 8.1 · AI score 7 · EPSS 0.00526
Exploits 0

RedhatCVE
added 2025/05/22 9:17 p.m. · 5 views

CVE-2021-32590

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL...

CVSS 9.9 · AI score 8.4 · EPSS 0.00491
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 6:44 p.m. · 4 views

CVE-2021-3817

wbcecms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVSS 9.8 · AI score 7.4 · EPSS 0.53819
Exploits 4 · References 1

RedhatCVE
added 2025/05/22 6:23 p.m. · 3 views

CVE-2021-24007

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 9.8 · AI score 8.1 · EPSS 0.00707
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:23 p.m. · 3 views

CVE-2010-0139

Cisco Unified MeetingPlace 7 before 7.02.3 hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691...

CVSS 9 · AI score 7.7 · EPSS 0.00648
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 4:50 a.m. · 4 views

CVE-2012-3951

The MySQL component in Plixer Scrutinizer aka Dell SonicWALL Scrutinizer 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session...

CVSS 7.5 · AI score 8.4 · EPSS 0.79501
Exploits 7 · References 1

RedhatCVE
added 2025/05/22 4:36 a.m. · 2 views

CVE-2011-4823

Multiple SQL injection vulnerabilities in Vik Real Estate comvikrealestate component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php...

CVSS 7.5 · AI score 8.9 · EPSS 0.0027
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 3:5 a.m. · 4 views

CVE-2013-0123

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp...

CVSS 7.5 · AI score 8.9 · EPSS 0.01163
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 7:42 p.m. · 2 views

CVE-2006-6414

Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye allow remote attackers to execute arbitrary SQL commands via the (1) iddoc or (2) idaut parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVSS 7.5 · AI score 8.7 · EPSS 0.00773
Exploits 1 · References 1

RedhatCVE
added 2025/05/21 7:37 p.m. · 4 views

CVE-2008-7120

SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter...

CVSS 7.5 · AI score 8.8 · EPSS 0.00115
Exploits 1 · References 1

RedhatCVE
added 2025/05/21 7:15 p.m. · 5 views

CVE-2009-3497

SQL injection vulnerability in viewlisting.php in Vastal I-Tech Agent Zone aka The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS 7.5 · AI score 8.7 · EPSS 0.00372
Exploits 1 · References 1

NVD
added 2025/05/19 3:15 p.m. · 9 views

CVE-2025-48280

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia AutomatorWP automatorwp allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through = 5.2.1.3...

CVSS 7.6 · EPSS 0.00213
Exploits 0 · References 1

NVD
added 2025/05/15 2:15 p.m. · 12 views

CVE-2025-46052

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

CVSS 9.8 · EPSS 0.00274
Exploits 1 · References 2

Vulnrichment
added 2025/05/15 12:0 a.m. · 7 views

CVE-2025-46052

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

AI score 9.9 · EPSS 0.00274
Exploits 1 · References 2

Tenable Nessus
added 2025/05/14 12:0 a.m. · 6 views

Alibaba Cloud Linux 3 : 0017: postgresql:12 (ALINUX3-SA-2021:0017)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0017 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-14349: It was found that PostgreS...

CVSS 8.8 · AI score 7.3 · EPSS 0.23757
Exploits 1 · References 7

Vulnrichment
added 2025/05/02 2:50 a.m. · 8 views

CVE-2025-3707 Sunnet eHRD CTMS - SQL Injection

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents...

CVSS 6.5 · AI score 8.1 · EPSS 0.00172
Exploits 0 · References 2

Positive Technologies
added 2025/04/25 12:0 a.m. · 3 views

PT-2025-17907 · Easyvirt · Easyvirt Co2Scope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.4 and earlier EasyVirt CO2Scope versions 1.3.4 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to specific A...

CVSS 6.5 · AI score 7.2 · EPSS 0.00181
Exploits 0 · References 4

F5 Networks
added 2025/04/21 3:51 p.m. · 30 views

K000150943: PostgreSQL vulnerabilities CVE-2019-10164, CVE-2020-14349, and CVE-2020-14350

Security Advisory Description CVE-2019-10164 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often...

CVSS 9 · AI score 8.1 · EPSS 0.11379
Exploits 1