CVE-2023-46097
A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database...
A vulnerability in the ajaxHandler function (ucp/Cdr.class.php) of the FreePBX web interface for managing IP telephony systems allows an attacker to execute arbitrary SQL commands.
The vulnerability in the ajaxHandler function (ucp/Cdr.class.php) of the FreePBX web interface for managing IP telephony systems stems from missing protection of the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL comman...
A vulnerability in the Paid Memberships Pro plugin for the WordPress content management system allows an attacker to execute arbitrary SQL queries.
The vulnerability in the Paid Memberships Pro plugin for the WordPress content management system stems from missing protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the JDBCAppender adapter in the Log4j Java logging library allows a malicious actor to execute arbitrary SQL queries against the database.
The vulnerability of the JDBCAppender component in Log4j, a Java logging library, relates to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the database remotely...
A vulnerability in the WP Live Chat Shoutbox plugin for the WordPress content management system allows an attacker to execute arbitrary SQL code.
The vulnerability in the WP Live Chat Shoutbox plugin for the WordPress content management system stems from missing protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
PT-2023-6880 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: NagiosXI (affected versions not specified). Description: The issue is related to the Bulkmodifications component of NagiosXI software, which fails to properly protect the SQL query structure. This allows a remote attacker to execute arbitrary SQ...
PT-2023-15866 · Sciencelogic · Sciencelogic Sl1
Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 (affected versions not specified). Description: A SQL injection issue exists in the "ticket watchers email" feature, where unsanitized user-controlled input is passed directly to a SQL query, allowing the injection of arbitrary...
CVE-2023-26217
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases a...
Nozomi Networks Guardian SQL Injection Vulnerability
Nozomi Networks Guardian is an IoT device and software inspection system from US-based Nozomi Networks. A security vulnerability exists in Nozomi Networks Guardian and CMC that stems from improper input validation in the Alerts Controller. An attacker could exploit the vulnerability to execute...
A vulnerability in the firmware of SonicWall SMA 210, SMA 410 and SMA 500v appliances allows attackers to execute arbitrary SQL queries.
The vulnerability in the firmware of SonicWall SMA 210, SMA 410 and SMA 500v firewalls lies in the lack of protection for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
CVE-2023-26034 ZoneMinder SQL Injection
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The blind SQL Injection vulnerability is present within the...
SUSE CVE-2009-3165
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters...
SUSE CVE-2018-10188
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/dboperations.js, js/tbloperations.js, libraries/classes/Operations.php, and sql.php...
SUSE CVE-2020-2240
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...
CVE-2022-45889
Planet eStream before 6.72.10.07 allows a remote attacker who is a publisher or admin to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search the StatisticsResults.aspx flt parameter...
A vulnerability in the web management interface of the Cisco AsyncOS operating system on the Cisco Email Security Appliance (ESA) and the Cisco Secure Email and Web Manager allows an attacker to execute arbitrary SQL queries.
The vulnerability in the web management interface of the Cisco AsyncOS operating system on the Cisco Email Security Appliance (ESA) and the Cisco Secure Email and Web Manager stems from missing protection of the SQL query structure. Exploiting this vulnerability allows a malicious...
A vulnerability in the MTA email message scanning module and the file checksum search module of the FortiSandbox threat detection and removal system allows an attacker to execute arbitrary SQL code.
The vulnerability in the MTA email message scanning module and the file checksum search module of the FortiSandbox threat detection and removal system stems from missing protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2022-39362 Metabase vulnerable to arbitrary SQL execution from queryhash
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, unsaved SQL queries are auto-executed, which could pose a possible attack vector. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9...