CVE-2009-4217

SQL injection vulnerability in the Itamar Elharar MusicGallery commusicgallery component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained...

CVE-2009-4104

SQL injection vulnerability in Lyften Designs LyftenBloggie comlyftenbloggie component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php...

CVE-2024-34936

A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter...

CVE-2021-27472

A vulnerability exists in the RunSearch function of SearchService service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier, which may allow for the execution of remote unauthenticated arbitrary SQL statements...

CVE-2025-61548

CVE-2025-61548 affects edu Business Solutions Print Shop Pro WebDesk 18.34. The hfInventoryDistFormID parameter in /PSP/appNET/Store/CartV12.aspx/GetUnitPrice is susceptible to SQL injection due to unsanitized input concatenated into queries. Impact is remote arbitrary SQL execution with high con...

CVE-2025-63948

A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...

CVE-2025-46268

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...

Arbitrary SQL Execution

Neuron is vulnerable to arbitrary SQL execution. The vulnerability is due to the MySQLWriteTool executing caller‑provided SQL using PDO::prepare and execute without semantic restrictions, where an attacker can inject destructive statements such as DROP TABLE, TRUNCATE, DELETE, or ALTER via...

Neuron 访问控制错误漏洞

Neuron is an Industrial Internet of Things IIoT connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron 2.8.11 and earlier versions, which stems from a lack of semantic...

EUVD-2025-201278

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...

CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...

CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...

USN-7903-1 python-django vulnerabilities

It was discovered that Django incorrectly handled certain characters in the FilteredRelation object. An attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10...

CVE-2025-51683

A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...

CVE-2025-51683

A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...

CVE-2025-12061

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...

CVE-2025-12061

The CVE-2025-12061 entry concerns the TAX SERVICE Electronic HDM WordPress plugin prior to 1.2.1. Concretely, the vulnerability is a lack of authorization and CSRF checks in an AJAX action, enabling unauthenticated users to import and execute arbitrary SQL statements. This affects plugin versions...

CVE-2025-12061 Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...

CVE-2025-12061 Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...

CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...