
545 matches found

BDU FSTEC
added 2022/10/06 12:0 a.m. | 4 views

A vulnerability in the member/getpassword.php?lang=cn&a=dovalid script of the Metinfo CMS allows an attacker to execute arbitrary SQL code.

The vulnerability in the member/getpassword.php?lang=cn&a=dovalid script of the Metinfo CMS is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...

CVSS: 10 | AI score: 8.2 | EPSS: 0.01739
Exploits: 1 | References: 4

BDU FSTEC
added 2022/09/06 12:0 a.m. | 5 views

A vulnerability in the exceedone/exment and exceedone/laravel-admin software makes it possible to inject commands that allow attackers to execute arbitrary SQL queries against the application's database.

The vulnerability in the exceedone/exment and exceedone/laravel-admin software lies in the possibility of executing commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries against the application's database...

CVSS: 10 | AI score: 8 | EPSS: 0.01147
Exploits: 0 | References: 5 | Affected Software: 2

IBM Security Bulletins
added 2022/07/12 8:22 a.m. | 32 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote SQL execution due to PostgreSQL (CVE-2022-1552)

Summary: There is a vulnerability in PostgreSQL used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2022-1552. DESCRIPTION: PostgreSQL remote authenticated attacker to bypass...

CVSS: 8.8 | AI score: 0.7 | EPSS: 0.11726
Exploits: 0 | Affected Software: 1

CNNVD
added 2022/06/16 12:0 a.m. | 3 views

WUZHI CMS SQL injection vulnerability

WUZHI CMS is a PHP and MySQL-based open source content management system (CMS) from WUZHI. v4.1.0 of WUZHI CMS is vulnerable to SQL injection, which can be exploited to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. parameter in...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00988
Exploits: 1 | References: 2

CNNVD
added 2022/06/13 12:0 a.m. | 4 views

WordPress plugin Export any WordPress data to XML/CSV SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.0124
Exploits: 2 | References: 3

RedHat Linux
added 2022/06/04 1:12 a.m. | 183 views

postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.11726
Exploits: 0 | References: 6

OSV
added 2022/05/24 5:27 p.m. | 3 views

GHSA-JF9J-HX2J-M9XH CSRF vulnerability in Jenkins Database Plugin

Database Plugin 1.6 and earlier does not require POST requests for the database console, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to execute arbitrary SQL scripts. Database Plugin 1.7 removes the database console...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00691
Exploits: 0 | References: 5

BDU FSTEC
added 2022/04/28 12:0 a.m. | 4 views

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries through the parameter /opensis/modules/users/Staff.php, Staff TITLE...

CVSS: 10 | AI score: 8.2 | EPSS: 0.01305
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2022/04/26 12:0 a.m. | 5 views

ED01-CMS SQL injection vulnerability

Ed01-Cms is a CMS project in the Udemy course. Version 20180505 of ED01-CMS is vulnerable to a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in post.php. An attacker could use this vulnerability to execute illegal SQL commands to steal...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00874
Exploits: 0 | References: 2

NCSC
added 2022/04/12 12:0 a.m. | 4 views

Vulnerability fixed in Microsoft Dynamics

A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...

CVSS: 9 | AI score: 7.5 | EPSS: 0.02697
Exploits: 0

BDU FSTEC
added 2022/04/04 12:0 a.m. | 3 views

The vulnerability of the SyliusGridBundle e-commerce platform for Symfony applications, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.

The vulnerability of the SyliusGridBundle e-commerce platform for Symfony applications is related to the lack of protective measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS: 10 | AI score: 8.1 | EPSS: 0.01337
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2022/03/30 2:15 a.m. | 3 views

CVE-2020-24770

SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS: 9.8 | AI score: 8.7
Exploits: 0 | References: 3

OSV
added 2022/03/23 8:15 p.m. | 4 views

CVE-2021-27464

The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...

CVSS: 9.8 | AI score: 6
Exploits: 0 | References: 2

RedHat Linux
added 2022/03/23 8:22 a.m. | 5 views

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.04123
Exploits: 0 | References: 5

OSV
added 2022/02/28 3:13 p.m. | 2 views

CLSA-2022-1646061219 Fixed CVE-2022-24407 in cyrus-sasl

CVE-2022-24407: Fix failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.04123
Exploits: 0 | References: 1

Fedora
added 2022/02/20 1:10 a.m. | 21 views

[SECURITY] Fedora 35 Update: phpMyAdmin-5.1.3-1.fc35

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and i...

AI score: 8
Exploits: 0

OSV
added 2022/01/24 6:15 p.m. | 1 view

CVE-2021-41659

SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.01254
Exploits: 1 | References: 1

CNNVD
added 2022/01/20 12:0 a.m. | 2 views

Online Reviewer System SQL injection vulnerability

Online Reviewer System is a software application. An Online Reviewer System. A SQL injection vulnerability exists in Online Reviewer System, which originates from the product's password parameter not effectively filtering user input data for special characters. The vulnerability can be exploited ...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.0111
Exploits: 1 | References: 2

OSV
added 2021/11/08 4:15 a.m. | 1 view

CVE-2021-34684

Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.05776
Exploits: 3 | References: 2

BDU FSTEC
added 2021/10/27 12:0 a.m. | 1 view

The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.

The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the NamesList.php parameter...

CVSS: 10 | AI score: 8.2 | EPSS: 0.22669
Exploits: 1 | References: 5 | Affected Software: 1