Elastic Elasticsearch 安全漏洞

Elastic Elasticsearch is a search engine based on the Lucene library from the Dutch company Elastic. A security vulnerability exists in Elastic Elasticsearch that stems from the presence of unrestricted or throttled resource allocation, which could lead to a crash through the use of specially...

Exploit for SQL Injection in Microsoft

CVE-2024-43468 SCCM SQL Injection Exploit mTLS client certs f...

CVE-2024-55593

A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries...

CVE-2023-42243

In Selesta Visual Access Manager 4.42.2, an authenticated user can access the administrative page /common/vamSql.php, which allows for arbitrary SQL queries...

CVE-2023-42243

In Selesta Visual Access Manager 4.42.2, an authenticated user can access the administrative page /common/vamSql.php, which allows for arbitrary SQL queries...

SQL Injection

github.com/apache/trafficcontrol is vulnerable to SQL Injection. The vulnerability is due to improper input validation in Traffic Ops, allowing a privileged user with roles such as "admin," "federation," "operations," "portal," or "steering" to execute arbitrary SQL queries through...

[SECURITY] Fedora 41 Update: python-sql-1.5.2-3.fc41

python-sql is a library to write SQL queries in a pythonic way...

Improper Authorization

apachesuperset is vulnerable to Improper Authorization. The vulnerability is due to improper authorization checks, where SQL DML statements are incorrectly identified as read-only queries, allowing attackers to bypass security restrictions and execute potentially malicious SQL queries...

Trellix Data Loss Prevention SQL注入漏洞

Trellix Data Loss Prevention Trellix DLP is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. Trellix Data Loss Prevention Trellix DLP version 11.11.1.3 suffers from a SQL injectio...

Hewlett Packard Enterprise AutoPass License Server SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 58...

CVE-2021-1470 Cisco SD-WAN SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker cou...

CVE-2024-43415

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...

SQL Injection

Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input sanitization in the /curd/table/list endpoint, which allows attackers to inject arbitrary SQL queries into the database...

SQL Injection

funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to improper input handling in the /curd/table/fieldlist endpoint, allowing attackers to inject malicious SQL queries...

CVE-2024-47487

CVE-2024-47487 affects HikCentral Professional. Evidence from connected documents shows a SQL injection vulnerability in HikCentral Professional versions prior to 2.6.0, exploitable by an authenticated user to execute arbitrary SQL queries. The flaw is a remote vulnerability with high impact on c...

CVE-2024-47487

There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries...

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

CVE-2024-7099 SQL Injection in netease-youdao/qanything

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. This allows attackers to access database contents, create, and read arbitrary files.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to remotely access database contents, create and read arbitrary files by injecting specially...