A vulnerability in the openSIS information system, related to the failure to protect the SQL query structure, allows an attacker to execute arbitrary SQL queries.
A vulnerability in the openSIS information system is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the ResetUserInfo.php passwordstnid parameter...
CVE-2021-40842
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...
A vulnerability in the Theme Park Ticketing System, software for selling tickets at theme parks, arises from the lack of measures taken to protect the SQL query structure. This allows an attacker to execute arbitrary SQL code.
A vulnerability in the Theme Park Ticketing System, software for selling tickets at theme parks, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code by executing the viewuser.php...
Vinades NukeViet SQL Injection Vulnerability
Vinades NukeViet CMS is an open source content management system (CMS) from Vinades Vietnam. Vinades NukeViet CMS is vulnerable to SQL injection because the topicsid parameter of the product's modules/news/admin/addtotopics.php page fails to filter special characters in input, and an...
CVE-2021-26229
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to editstud.php...
PT-2021-7654
Name of the Vulnerable Software and Affected Versions: SonicWall Secure Remote Access (SRA) appliances, versions 8.x through 9.0.0.9-26sv. Description: The issue is related to improper neutralization of a SQL command, leading to a SQL injection vulnerability. This vulnerability impacts end-of-life Secu...
Important: postgresql92
Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 A flaw was found in postgresq...
Metinfo MetInfo SQL Injection Vulnerability
Metinfo MetInfo is a content management system (CMS) developed by China Mito Metinfo using PHP and MySQL. A SQL injection vulnerability exists in index.php in Metinfo 7.0.0beta, which arises because the database-backed application lacks validation of externally entered SQL statements. An attacker ca...
The vulnerability of the update_log function (lib/Cleantalk/ApbctWP/Firewall/SFW.php) in spam protection modules, including AntiSpam and CleanTalk firewall plugins, allows attackers to execute arbitrary SQL queries.
The vulnerability of the update_log function in spam protection modules, including AntiSpam and CleanTalk firewall plugins, is related to the failure to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
Important: postgresql
Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 A flaw was found in postgresq...
The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system allows a hacker to execute arbitrary SQL queries.
The vulnerability of the /core/feeds/custom.php component of the BigTree CMS content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
SUSE: Security Advisory (SUSE-SU-2019:2228-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2019:2707-1)
The remote host is missing an update for the...
Synology Media Server SQL Injection Vulnerability (CNVD-2021-39027)
Synology Media Server is a media server. A SQL injection vulnerability exists in the cgi component of Synology Media Server before 1.8.1-2876, which can be exploited by an attacker to execute arbitrary SQL commands via an unspecified vector...
Rockwell Automation FactoryTalk AssetCentre SQL Injection Vulnerability
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An SQL injection vulnerability exists in Rockwell Automation FactoryTal...
CVE-2020-35337
ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands...
Online BookStore SQL Injection Vulnerability
Online BookStore is an online bookstore program. There is a SQL injection vulnerability in Online Book Store v1.0. The vulnerability is caused by the id parameter in detail.php not filtering special characters, and an attacker can execute arbitrary SQL statements through this vulnerability...
Sourcecodester Seat-Reservation-System SQL Injection Vulnerability
Seat-Reservation-System is a seat reservation system. A SQL injection vulnerability exists in Seat-Reservation-System 1.0. The vulnerability is caused by the id and file parameters in the index.php file not being filtered for special characters on input/output. An attacker can exploit this...
CVE-2020-29015
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement...
HGiga MailSherlock SQL Injection Vulnerability
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. HGiga MailSherlock suffers from a SQL injection vulnerability. An attacker can use this vulnerability to inject and execute SQL commands in the URL parameters of a specific cgi page...