Lucene search

872 matches found

Tenable Nessus
added 2023/05/11 12:0 a.m. · 32 views

Fedora 38 : moodle (2023-0ab503de3d)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0ab503de3d advisory. Fixes for CVE-2023-30943 and CVE-2023-30944. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

7.3 CVSS · 6.2 AI score · 0.06583 EPSS
Exploits 3 · References 3

Tenable Nessus
added 2023/05/11 12:0 a.m. · 56 views

Fedora 37 : moodle (2023-60a90b6e6a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-60a90b6e6a advisory. Fixes for CVE-2023-30943 and CVE-2023-30944. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

7.3 CVSS · 6.2 AI score · 0.06583 EPSS
Exploits 3 · References 3

Github Security Blog
added 2023/05/02 9:31 p.m. · 39 views

Moodle SQL Injection vulnerability

The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...

7.3 CVSS · 7.4 AI score · 0.01142 EPSS
Exploits 0 · References 12 · Affected Software 1

OSV
added 2023/05/02 8:15 p.m. · 20 views

CVE-2023-30944

The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...

7.3 CVSS · 8.1 AI score
Exploits 0 · References 6

UbuntuCve
added 2023/05/02 8:15 p.m. · 139 views

CVE-2023-30944

The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database...

7.3 CVSS · 6.6 AI score · 0.01142 EPSS
Exploits 0 · References 4

CNVD
added 2023/04/18 12:0 a.m. · 30 views

Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29412)

Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/ballotup.php, which can be...

8.2 AI score · 0.0074 EPSS
Exploits 1 · Affected Software 1

CNVD
added 2023/04/18 12:0 a.m. · 50 views

Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29414)

Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter voter of the file login.php, which can be exploite...

8.2 AI score · 0.00746 EPSS
Exploits 1 · Affected Software 1

Positive Technologies
added 2023/04/12 12:0 a.m. · 2 views

PT-2023-9511 · Openlink +4 · Openlink Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue in the dv compare component of openlink virtuoso-opensource is related to the improper neutralization of special elements used in SQL commands, allowing attackers to cause a...

8.8 CVSS · 7.2 AI score · 0.00905 EPSS
Exploits 13 · References 66

Positive Technologies
added 2023/04/12 12:0 a.m. · 2 views

PT-2023-9506 · Openlink +4 · Openlink Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue in the sqlo union scope component of openlink virtuoso-opensource is related to the improper neutralization of special elements used in SQL commands, allowing attackers to caus...

8.8 CVSS · 7.1 AI score · 0.00905 EPSS
Exploits 13 · References 66

Positive Technologies
added 2023/04/12 12:0 a.m. · 3 views

PT-2023-9530 · Openlink +4 · Openlink Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue in the psiginfo component of openlink virtuoso-opensource is related to the improper neutralization of special elements used in SQL commands, which can be exploited by attacker...

7.8 CVSS · 7.8 AI score · 0.00909 EPSS
Exploits 16 · References 79

Positive Technologies
added 2023/04/12 12:0 a.m. · 2 views

PT-2023-9517 · Openlink +4 · Openlink Virtuoso-Opensource +4

Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue is related to the dfe unit col loci component of openlink virtuoso-opensource, which is associated with the improper neutralization of special elements used in SQL commands. Th...

7.8 CVSS · 7.7 AI score · 0.00909 EPSS
Exploits 16 · References 78

CNVD
added 2023/04/11 12:0 a.m. · 18 views

Online Computer and Laptop Store SQL Injection Vulnerability (CNVD-2023-29383)

Online Computer and Laptop Store is an online computer and laptop store from Carlo Montero's personal developer. Online Computer and Laptop Store v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the fi...

9.9 AI score · 0.00726 EPSS
Exploits 1 · Affected Software 1

OpenVAS
added 2023/03/08 12:0 a.m. · 8 views

Debian: Security Advisory (DSA-2103-1)

The remote host is missing an update for the Debian...

7.5 CVSS · 6.9 AI score · 0.01876 EPSS
Exploits 1 · References 3

F5 Networks
added 2023/02/21 6:10 p.m. · 51 views

K8178: MySQL vulnerabilities CVE-2007-5925, CVE-2007-5969, and CVE-2007-6303

Security Advisory Description. Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

7.1 CVSS · 8.8 AI score · 0.1426 EPSS
Exploits 4

F5 Networks
added 2023/02/21 6:7 p.m. · 24 views

K21009022: NGINX Controller insecure database transport vulnerability CVE-2020-5865

Security Advisory Description: The NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. CVE-2020-5865. Impact: An attacker can modify user entered data or...

5.8 CVSS · 5.8 AI score · 0.0039 EPSS
Exploits 0 · Affected Software 1

Positive Technologies
added 2023/02/03 12:0 a.m. · 3 views

PT-2023-12281 · Unknown · Native-Php-Cms

Name of the Vulnerable Software and Affected Versions: native-php-cms version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the cat parameter in the /list.php file, enabling attackers to inject malicious SQL code...

9.8 CVSS · 9.8 AI score · 0.00855 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/02/03 12:0 a.m. · 3 views

PT-2023-12273 · Jocms · Jocms

Name of the Vulnerable Software and Affected Versions: jocms version 0.8 Description: The issue allows remote attackers to execute arbitrary SQL commands and view sensitive information. This is achieved via the jo json check function in jocms/apps/mask/inc/getmask.php. Recommendations: For jocms...

9.1 CVSS · 9.6 AI score · 0.00864 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/02/03 12:0 a.m. · 2 views

PT-2023-12272 · Jocms · Jocms

Name of the Vulnerable Software and Affected Versions: jocms version 0.8 Description: The issue allows remote attackers to execute arbitrary SQL commands and view sensitive information. This is achieved via the jo delete mask function in jocms/apps/mask/mask.php. Recommendations: For jocms versio...

9.1 CVSS · 9.5 AI score · 0.00864 EPSS
Exploits 1 · References 2

NVD
added 2023/01/31 8:15 a.m. · 7 views

CVE-2023-22900

Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...

9.8 CVSS · 9.9 AI score · 0.01026 EPSS
Exploits 0 · References 1

CNVD
added 2023/01/14 12:0 a.m. · 14 views

Lead Management System SQL Injection Vulnerability (CNVD-2023-05745)

Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the id parameter of removeProduct.php, which could be used by attackers to...

9.8 CVSS · 5.2 AI score · 0.0089 EPSS
Exploits 1 · References 1