Server-Side Request Forgery (SSRF)

apacheairflow is vulnerable to server-side request forgery SSRF. The vulnerability exists through the lack of sanitization of exception messages when SQL execution fails...

The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.

The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...

DEBIAN-CVE-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

CVE-2020-12147

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing...

Medium: postgresql94

Issue Overview: A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. CVE-2019-10208 Affected Packages: postgresql...

PT-2020-4512 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5 and earlier Description: The issue is related to a lack of protection for SQL query structures, which could allow a remote attacker to execute arbitrary SQL queries on the target system's database by sending a...

It was found that PostgreSQL versions before 12.4 before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 in order to execute arbitrary SQL command in the context of the user used for replication.

...

Munkireport reportdata SQL Injection Vulnerability

Munkireport is a reporting tool for the Munki software management program. reportdata is one of the widget modules. A SQL injection vulnerability exists in the reportdatacontroller.php file in MunkiReport prior to version 3.5. The vulnerability can be exploited to execute arbitrary SQL commands...

CVE-2020-3378

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An...

PHP-Fusion has multiple vulnerabilities Vulnerabilities

PHP-Fusion is a lightweight open source content management system . It uses mySQL database to store site content and provide a simple , comprehensive back-end management system . PHP-Fusion includes most of the CMS system has the functionality . PHP-Fusion has PHP object injection and SQL injecti...

SQL execution vulnerability in imcat backend

Intimate cat imcat is a PHP + MySQL architecture and design of a general-purpose website system, simple, lightweight, practical, sharing, permanent open source free of charge. There is a SQL execution vulnerability in the imcat backend. Attackers can use the vulnerability to obtain sensitive...

Wordpress LearnPress SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.LearnPress is a learning management system plugin used in it. A SQL injection vulnerability exists in Wordpress LearnPress...

The vulnerability of Cisco Cloud Web Security’s web interface allows attackers to execute arbitrary SQL queries.

The vulnerability of Cisco Cloud Web Security’s web interface relates to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVE-2019-10208

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can...

CVE-2019-18344

Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...

SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2707-1)

This update for postgresql10 fixes the following issues : Security issue fixed : CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092. Note that Tenable Network Security has extracted the preceding description blo...

SUSE-SU-2019:2707-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...

WordPress searchterms-tagging-2 plugin SQL injection vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. searchterms-tagging-2 is an SEO Search Engine Optimization plugin used in it. The WordPress searchterms-tagging-2 plugin suffers...

SUSE-SU-2019:2159-1 Security update for postgresql96

This update for postgresql96 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...

SUSE-SU-2019:2158-1 Security update for postgresql94

This update for postgresql94 fixes the following issues: Security issue fixed: - CVE-2019-10208: Fixed arbitrary SQL execution via suitable SECURITY DEFINER function under the identity of the function owner bsc1145092...