1303 matches found

CNNVD
added 2023/08/31 12:0 a.m. · 4 views

GruppoSCAI RealGimm SQL Injection Vulnerability

GruppoSCAI RealGimm is a management solution for large property and real estate assets from SCAI. A security vulnerability exists in GruppoSCAI RealGimm version 1.1.37p38, which stems from the presence of an improper error handling vulnerability that could allow an attacker to obtain sensitive...

CVSS 8.8 · AI score 8.1 · EPSS 0.00859
Exploits: 1 · References: 3

Packet Storm
added 2023/08/15 12:0 a.m. · 486 views

WordPress Core 5.6.2 XPath Injection

Exploit Title: WordPress Core 5.6.2 - Xpath Injection Date: 13/08/2023 Exploit Author: Behrouz Mansoori Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.6.2 Tested on: Mac VULNERABILITY DETAILS : This vulnerability allows remote attackers to...

AI score 7.1
Exploits: 0

Veracode
added 2023/08/11 10:13 a.m. · 8 views

SQL Injection

trytond is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in modelsql.py, allowing an authenticated attacker to inject and execute malicious SQL queries into the system when reading fields without an SQL type...

AI score 7.5
Exploits: 0

OSV
added 2023/08/09 7:15 p.m. · 1 views

CVE-2022-48604

A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 5.9 · EPSS 0.00608
Exploits: 0 · References: 1

Vulnrichment
added 2023/08/09 8:1 a.m. · 14 views

CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...

CVSS 8.8 · AI score 7.5 · EPSS 0.00508
Exploits: 0 · References: 1

Cvelist
added 2023/08/08 9:20 a.m. · 21 views

CVE-2023-37372

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...

CVSS 9.8 · AI score 10 · EPSS 0.00706
Exploits: 0 · References: 1

Veracode
added 2023/07/20 11:1 a.m. · 19 views

SQL Injection

postgraasserver is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the config parameter of the createpgconnection and createpostgresdb functions allows a malicious user to inject and execute arbitrary SQL queries on the target system...

CVSS 9.8 · AI score 8.2 · EPSS 0.00598
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/07/18 6:15 p.m. · 2 views

CVE-2023-28019

Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...

CVSS 8.8 · AI score 5.6 · EPSS 0.00386
Exploits: 0 · References: 1

Prion
added 2023/07/18 6:15 p.m. · 14 views

Input validation

Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...

CVSS 6.5 · AI score 8.6 · EPSS 0.00386
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/07/18 5:57 p.m. · 9 views

CVE-2023-28019 An SQL injection affects BigFix WebUI API

Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...

CVSS 5.5 · AI score 7.1 · EPSS 0.00386
Exploits: 0 · References: 1

CVE
added 2023/07/18 5:57 p.m. · 2481 views

CVE-2023-28019

CVE-2023-28019 concerns the Bigfix WebUI API App. The issue is described as insufficient validation in the WebUI API, affecting versions prior to 14, enabling an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. The root cause is unparameterized queries/insufficient ...

CVSS 8.8 · AI score 6.4 · EPSS 0.00386
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/07/18 12:0 a.m. · 2 views

PT-2023-21484 · Ibm · Bigfix Webui Api App

Name of the Vulnerable Software and Affected Versions: Bigfix WebUI API App versions prior to 14 Description: The issue is related to insufficient validation, allowing an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. Recommendations: For versions prior to 14,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00386
Exploits: 0 · References: 3

Veracode
added 2023/07/11 2:5 a.m. · 21 views

SQL Injection

langchain is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the call function in sqldatabase/base.py allows a malicious user to inject and execute arbitrary SQL queries on the target system via the SQLDatabaseChain component...

CVSS 7.5 · AI score 8.2 · EPSS 0.00905
Exploits: 1 · References: 6 · Affected Software: 1

NVD
added 2023/07/06 2:15 p.m. · 14 views

CVE-2023-36968

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...

CVSS 7.2 · AI score 7.4 · EPSS 0.00743
Exploits: 1 · References: 2

Vulnrichment
added 2023/07/06 12:0 a.m. · 8 views

CVE-2023-36968

A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...

AI score 8.5 · EPSS 0.00743
Exploits: 1 · References: 2

Wallarm Lab
added 2023/06/15 2:33 p.m. · 83 views

OWASP APIsec Top-10 2023 Is Here | API Security Newsletter

Welcome to our May API newsletter, recapping some of the events of last month. As the old proverb goes, April showers bring May flowers – and this means the bees at the Wallarm hive have been in full foraging mode and the honey is flowing: lots of updates & improvements to the platform, and much...

CVSS 7.5 · AI score 9.1 · EPSS 0.71641
Exploits: 10

Nuclei
added 2023/06/05 7:3 a.m. · 16 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manageteam&id=. id: CVE-2022-31980 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

CVSS 7.2 · AI score 7.4 · EPSS 0.01971
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/24 12:0 a.m. · 4 views

PT-2023-4250 · Sap · Sap Business One

Name of the Vulnerable Software and Affected Versions: SAP Business One B1i module version 10.0 Description: The issue is related to the lack of protection of the SQL query structure in the B1i Layer component of SAP Business One. This allows a remote attacker to send specially crafted queries to...

CVSS 7.5 · AI score 7.5 · EPSS 0.00477
Exploits: 0 · References: 8

Veracode
added 2023/05/17 8:32 a.m. · 51 views

SQL Injection

moodle/moodle is vulnerable to SQL Injection attacks. The vulnerability exists in getsubwikipages function of external.php due to lack of sanitization of user inputs which allows an attacker to inject and execute arbitrary sql queries...

CVSS 7.3 · AI score 8.2 · EPSS 0.01142
Exploits: 0 · References: 12 · Affected Software: 1

Zero Day Initiative
added 2023/05/17 12:0 a.m. · 14 views

Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of deletecertvec requests to the modTMMS endpoint. When parsing the ...

CVSS 7.2 · AI score 7.9 · EPSS 0.01721
Exploits: 0 · References: 1