872 matches found
CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter...
Advisory ROSA-SA-2025-2813
Software: net-snmp 5.8; OS: ROSA Virtualization 3.0; packageevrstring: net-snmp-5.8-30.0.1.rv30; CVE-ID: CVE-2022-24805; BDU-ID: 2024-06509; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the NET-SNMP-VACM-MIB function of the Net-SNMP software suite of the Linux operating system is related to buffer...
CVE-2025-30886
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection. This issue affects JS Help Desk: from n/a through = 2.9.2...
CVE-2025-30364
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the idfuncionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can...
CVE-2024-6841
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...
CVE-2024-6841 CSRF in vanna-ai/vanna
A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...
Linux Distros Unpatched Vulnerability : CVE-2012-0868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted...
WordPress plugin Smart Manager SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2024-20536
Cisco Nexus Dashboard Fabric Controller (NDFC) SQL Injection vulnerability affects REST API endpoint and web-based management interface. Root cause: insufficient validation of user input enables authenticated, read-only attackers to cause arbitrary SQL commands, potentially reading, modifying, or...
The vulnerability of the sqlc_union_dt_wrap component in the Virtuoso-opensource web application development platform allows an attacker to cause a service failure.
The vulnerability of the sqlc_union_dt_wrap component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially created...
CVE-2024-47911
In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands...
CVE-2024-7871 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter...
TYPO3 News Module SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TYPO3 News Module SQL Injection', 'Description' = %q This module exploits a SQL Injection vulnerability In TYPO3 NewsController.php in the news...
CVE-2024-7732 SECOM Dr.ID Attendance system - Unrestricted File Upload
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...
CVE-2024-7201
The CVE-2024-7201 entry concerns Simopro Technology’s WinMatrix3 Web package. Affects the login functionality where input validation is missing, enabling SQL injection by unauthenticated remote attackers to read, modify, and delete database contents. The vulnerability is confirmed by multiple sou...
GHSA-2Q6J-VPVR-6PVJ Apache Superset vulnerable to improper SQL authorization
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...
CVE-2024-37840
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter...
CVE-2024-29169
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...
CVE-2024-35475
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands...
CVE-2024-35475
OpenKM Community Edition versions 6.3.12 and earlier are affected by CVE-2024-35475, a CSRF vulnerability in the /admin/DatabaseQuery endpoint. The issue allows an attacker with administrative privileges to instruct the victim to execute arbitrary SQL commands. Impact is described as potential ma...