
1303 matches found

Zero Day Initiative
added 2022/01/10 12:0 a.m. | 113 views

WordPress Core WP_Query SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class. The issue results from the lack of proper validation of a...

CVSS 7.5 | AI score 1.2 | EPSS 0.97795
Exploits 14 | References 1

OSV
added 2022/01/06 11:15 p.m. | 2 views

DEBIAN-CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected...

CVSS 8.8 | AI score 8 | EPSS 0.04013
Exploits 0 | References 1

BDU FSTEC
added 2021/12/24 12:0 a.m. | 2 views

The vulnerability of the “name_filter” parameter in the “company_list” component of the Advantech R-SeeNet monitoring software allows a malicious actor to execute arbitrary SQL queries.

The vulnerability of the “name_filter” parameter in the “company_list” component of the Advantech R-SeeNet monitoring software for routers is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary SQL queries remotely...

CVSS 7.7 | AI score 5.9
Exploits 0 | References 3

Zero Day Initiative
added 2021/12/23 12:0 a.m. | 24 views

SolarWinds Network Performance Monitor CustomProperty Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions.dll module. A crafted request can...

CVSS 8.8 | AI score 3 | EPSS 0.02796
Exploits 0 | References 1

Zero Day Initiative
added 2021/12/23 12:0 a.m. | 21 views

SolarWinds Network Performance Monitor SendHttpRequest Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions.dll module. A crafted request can...

CVSS 8.8 | AI score 2.2 | EPSS 0.02796
Exploits 0 | References 1

Zero Day Initiative
added 2021/12/23 12:0 a.m. | 26 views

SolarWinds Network Performance Monitor WriteToEventLog Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions.dll module. A crafted request can...

CVSS 8.8 | AI score 2.9 | EPSS 0.02796
Exploits 0 | References 1

Zero Day Initiative
added 2021/12/23 12:0 a.m. | 24 views

SolarWinds Network Performance Monitor PlaySound Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the PlaySound class. A crafted request can trigger execution of SQL...

CVSS 8.8 | AI score 2.8 | EPSS 0.02796
Exploits 0 | References 1

Zero Day Initiative
added 2021/12/23 12:0 a.m. | 21 views

SolarWinds Network Performance Monitor Email Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the Email class. A crafted request can trigger execution of SQL queries...

CVSS 8.8 | AI score 2.9 | EPSS 0.02796
Exploits 0 | References 1

Zero Day Initiative
added 2021/12/23 12:0 a.m. | 21 views

SolarWinds Network Performance Monitor CustomStatus Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Orion.Core.Actions.dll module. A crafted request can...

CVSS 8.8 | AI score 3.1 | EPSS 0.02796
Exploits 0 | References 1

Zero Day Initiative
added 2021/12/23 12:0 a.m. | 23 views

SolarWinds Network Performance Monitor TextToSpeech Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the TextToSpeech class. A crafted request can trigger execution of SQL...

CVSS 8.8 | AI score 2.6 | EPSS 0.02796
Exploits 0 | References 1

CNVD
added 2021/12/21 12:0 a.m. | 13 views

SEMCMS SQL Injection Vulnerability

SEMCMS is a foreign trade web content management system CMS that supports multiple languages. SEMCMS suffers from an Access Control Error vulnerability, which stems from a vulnerability found in the checkuser function, which can be exploited by an attacker to obtain passwords in plaintext via a S...

CVSS 7.5 | AI score 7.5 | EPSS 0.01135
Exploits 1 | References 1

BDU FSTEC
added 2021/12/20 12:0 a.m. | 1 views

The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the “device_list” component of the monitoring software for Advantech R-SeeNet routers involves incorrect processing of the macfilter parameter. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks by sending specially crafted SQL queri...

CVSS 7.7 | AI score 6.9 | EPSS 0.01144
Exploits 1 | References 6 | Affected Software 1

CNVD
added 2021/12/17 12:0 a.m. | 13 views

Enalean Tuleap SQL Injection Vulnerability (CNVD-2021-103507)

Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration. Enalean Tuleap is vulnerable to SQL...

CVSS 8.8 | AI score 3 | EPSS 0.01544
Exploits 0 | References 1

OSV
added 2021/12/15 8:15 p.m. | 15 views

CVE-2021-43806

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not properly sanitize user settings when constructing the SQL query to browse and search commits in the CVS repositories. An authenticated malicious user with...

CVSS 8.8 | AI score 7.5
Exploits 0 | References 4

CNVD
added 2021/12/12 12:0 a.m. | 17 views

Genesys Intelligent Workload Distribution SQL Injection Vulnerability (CNVD-2022-05704)

Genesys Intelligent Workload Distribution is an application from Genesys, Inc. Genesys intelligent Workload Distribution is vulnerable to SQL injection in 9.0.013.11, which can be exploited by attackers to execute arbitrary SQL queries via the "ql expression" parameter to execute arbitrary SQL...

CVSS 7.2 | AI score 6.5 | EPSS 0.01682
Exploits 2 | References 1

NVD
added 2021/12/08 3:15 p.m. | 10 views

CVE-2021-40861

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

CVSS 7.2 | EPSS 0.01682
Exploits 1 | References 2

Prion
added 2021/12/08 3:15 p.m. | 11 views

SQL injection

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

CVSS 6.5 | AI score 7.6 | EPSS 0.01682
Exploits 2 | References 2 | Affected Software 1

Cvelist
added 2021/12/08 2:58 p.m. | 8 views

CVE-2021-40861

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

AI score 7.9 | EPSS 0.01682
Exploits 1 | References 2

Cvelist
added 2021/12/08 2:45 p.m. | 9 views

CVE-2021-40860

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

AI score 7.9 | EPSS 0.01682
Exploits 1 | References 2

CNVD
added 2021/11/25 12:0 a.m. | 23 views

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93830)

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms. Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

CVSS 7.7 | AI score 4.4 | EPSS 0.01144
Exploits 1 | References 1