1303 matches found

Cvelist
added 2023/03/20 12:47 p.m., 17 views

CVE-2023-28424 Soko SQL Injection vulnerability

Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...

CVSS 9.1, AI score 10, EPSS 0.0115
Exploits 0, References 3
OSV
added 2023/03/20 12:47 p.m., 17 views

CVE-2023-28424 Soko SQL Injection vulnerability

Soko is the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, Search and SearchFeed, implemented in pkg/app/handler/packages/search.go, are affected by a SQL injection via the q parameter. As a result, unauthenticated attackers can execute arbitrary SQ...

CVSS 9.1, AI score 9.9, EPSS 0.0115
Exploits 0, References 5
Cvelist
added 2023/03/14 9:32 a.m., 19 views

CVE-2023-27463

A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.3. The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database...

CVSS 8.8, AI score 9.1, EPSS 0.00805
Exploits 0, References 1
Veracode
added 2023/03/12 12:58 p.m., 16 views

SQL Injection

jeecg-boot-base-core is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in the building block report component, allowing an authenticated attacker to inject and execute malicious SQL queries, leading to Sensitive Information Disclosure...

CVSS 8.8, AI score 8.7, EPSS 0.00842
Exploits 1, References 3, Affected Software 1
BDU FSTEC
added 2023/03/06 12:0 a.m., 2 views

The vulnerability of the microprogrammed network interface controllers from SonicWall, models SMA 210, SMA 410, SMA 500v, allows attackers to execute arbitrary SQL queries.

The vulnerability of SonicWall’s SMA 210, SMA 410, and SMA 500v network firewall microprogramming systems lies in the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS 10, AI score 8.2, EPSS 0.30084
Exploits 0, References 3, Affected Software 3
0day.today
added 2023/02/27 12:0 a.m., 468 views

Music Gallery Site 1.0 SQL Injection Vulnerability

Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerability. CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari...

CVSS 9.8, AI score 9.2, EPSS 0.01883
Exploits11
SUSE CVE
added 2023/02/15 5:49 a.m., 2 views

SUSE CVE-2011-4634

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...

CVSS 4.3, AI score 6.3, EPSS 0.0221
Exploits 1, References 3
Veracode
added 2023/01/31 10:49 a.m., 16 views

Special Element Injection

radare2, edge is vulnerable to Special Element Injection. The vulnerability exists due to improper implementation special elements into a different plane which allows an attacker to inject and execute malicious SQL queries on the system...

CVSS 7.8, AI score 7, EPSS 0.00362
Exploits 1, References 3, Affected Software 1
Veracode
added 2023/01/30 9:11 a.m., 20 views

SQL Injection

CakePHP is vulnerable to SQL Injection attacks. The vulnerability exists in limit and offset functions of Query.php due to unsanitized user input which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 9.8, AI score 9.8, EPSS 0.00858
Exploits 0, References 9, Affected Software 2
Veracode
added 2023/01/29 1:32 p.m., 17 views

SQL Injection

liftkit/database is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the processOrderBy function in Query.php allows a malicious user to inject and execute arbitrary SQL queries on the target system...

CVSS 9.8, AI score 4.1, EPSS 0.00672
Exploits 0, References 4, Affected Software 1
OSV
added 2023/01/26 6:59 p.m., 15 views

CVE-2022-41142

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper...

CVSS 8.8, AI score 9
Exploits 0, References 2
Cvelist
added 2023/01/26 12:0 a.m., 20 views

CVE-2022-41142

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper...

CVSS 7.2, AI score 9.2, EPSS 0.86144
Exploits 0, References 2
Tenable Nessus
added 2023/01/24 12:0 a.m., 32 views

Cisco Unified Communications Manager SQLi (cisco-sa-cucm-sql-rpPczR8n)

The version of Cisco Unified Communications installed on the remote host is prior to tested version. It is, therefore, affected by an SQL injection vulnerability in the web-based management interface as referenced in the cisco-sa-cucm-sql-rpPczR8n advisory. An attacker authenticated as a...

CVSS 8.8, AI score 8.2, EPSS 0.00902
Exploits 0, References 4
Cisco
added 2023/01/18 4:0 p.m., 72 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

CVSS 8.1, AI score 8.6, EPSS 0.00902
Exploits 0, References 1
Veracode
added 2023/01/10 8:7 a.m., 14 views

SQL Injection

github.com/square/squalor is vulnerable to SQL injection. The vulnerability exists due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 9.8, AI score 9.8, EPSS 0.00681
Exploits 0, References 6, Affected Software 1
NVD
added 2023/01/01 8:15 a.m., 14 views

CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History...

CVSS 8.8, AI score 8.8, EPSS 0.11812
Exploits 1, References 1
BDU FSTEC
added 2022/12/16 12:0 a.m., 4 views

The vulnerability of the Microsoft Dynamics CRM resource planning software lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft Dynamics CRM resource planning software relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created queries...

CVSS 9, AI score 8.5, EPSS 0.02995
Exploits 0, References 2
Veracode
added 2022/12/13 6:0 a.m., 19 views

SQL Injection

cubejs-backend/api-gateway is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the /v1/sql-runner endpoint allows a malicious authenticated user to inject and execute arbitrary SQL queries on the target system...

CVSS 9.6, AI score 9.2, EPSS 0.00898
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2022/12/02 12:0 a.m., 40 views

PostgreSQL JDBC Driver 42.2.x < 42.2.27 / 42.3.x < 42.3.8 / 42.4.x < 42.4.3 / 42.5.x < 42.5.1 Information Disclosure

The remote host contains a version of PostgreSQL JDBC Driver that is 42.2.x prior to 42.2.27, 42.3.x prior to 42.3.8, 42.4.x prior to 42.4.3 or 42.5.x prior to 42.5.1. It is, therefore, affected by an information disclosure vulnerability. SQL queries using prepared statements that total more than...

CVSS 5.5, AI score 6.2, EPSS 0.00491
Exploits 1, References 3
Prion
added 2022/11/28 1:15 p.m., 16 views

Sql injection

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVSS 7.5, AI score 9.7, EPSS 0.01392
Exploits 1, References 2, Affected Software 1