1299 matches found

Vulnrichment
added 2025/01/13 12:00 a.m., 10 views

CVE-2023-42243

In Selesta Visual Access Manager 4.42.2, an authenticated user can access the administrative page /common/vamSql.php, which allows for arbitrary SQL queries...

5.8 AI score, 0.00222 EPSS
Exploits 0, References 1
Veracode
added 2024/12/27 6:33 a.m., 20 views

SQL Injection

github.com/apache/trafficcontrol is vulnerable to SQL Injection. The vulnerability is due to improper input validation in Traffic Ops, allowing a privileged user with roles such as "admin," "federation," "operations," "portal," or "steering" to execute arbitrary SQL queries through...

9.9 CVSS, 7.7 AI score, 0.50551 EPSS
Exploits 0, References 5, Affected Software 1
Fedora
added 2024/12/27 1:23 a.m., 7 views

[SECURITY] Fedora 41 Update: python-sql-1.5.2-3.fc41

python-sql is a library to write SQL queries in a pythonic way...

6.5 CVSS, 7.4 AI score, 0.00378 EPSS
Exploits 0
Veracode
added 2024/12/18 7:42 a.m., 8 views

Improper Authorization

apachesuperset is vulnerable to Improper Authorization. The vulnerability is due to improper authorization checks, where SQL DML statements are incorrectly identified as read-only queries, allowing attackers to bypass security restrictions and execute potentially malicious SQL queries...

7.1 CVSS, 8 AI score, 0.01043 EPSS
Exploits 0, References 4, Affected Software 1
CNNVD
added 2024/12/16 12:00 a.m., 1 views

Trellix Data Loss Prevention SQL Injection Vulnerability

Trellix Data Loss Prevention Trellix DLP is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. Trellix Data Loss Prevention Trellix DLP version 11.11.1.3 suffers from a SQL injectio...

4.9 CVSS, 8.5 AI score, 0.00088 EPSS
Exploits 0, References 1
Zero Day Initiative
added 2024/12/02 12:00 a.m., 3 views

Hewlett Packard Enterprise AutoPass License Server SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise AutoPass License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 58...

7.5 CVSS, 6.6 AI score, 0.00501 EPSS
Exploits 0, References 1
Cvelist
added 2024/11/15 4:38 p.m., 20 views

CVE-2021-1470 Cisco SD-WAN SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system. An attacker cou...

4.9 CVSS, 0.00056 EPSS
Exploits 0, References 3
NVD
added 2024/11/12 4:15 p.m., 5 views

CVE-2024-43415

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...

9 CVSS, 0.00323 EPSS
Exploits 0, References 3
Veracode
added 2024/11/07 7:47 a.m., 10 views

SQL Injection

Funadmin is vulnerable to SQL injection. The vulnerability is due to improper input sanitization in the /curd/table/list endpoint, which allows attackers to inject arbitrary SQL queries into the database...

9.8 CVSS, 7.6 AI score, 0.00188 EPSS
Exploits 1, References 1, Affected Software 1
Veracode
added 2024/11/06 11:16 a.m., 16 views

SQL Injection

funadmin/funadmin is vulnerable to SQL injection. The vulnerability is due to improper input handling in the /curd/table/fieldlist endpoint, allowing attackers to inject malicious SQL queries...

9.8 CVSS, 7.5 AI score, 0.00188 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2024/10/18 8:32 a.m., 62 views

CVE-2024-47487

CVE-2024-47487 affects HikCentral Professional. Evidence from connected documents shows a SQL injection vulnerability in HikCentral Professional versions prior to 2.6.0, exploitable by an authenticated user to execute arbitrary SQL queries. The flaw is a remote vulnerability with high impact on c...

8.8 CVSS, 8.3 AI score, 0.00612 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2024/10/18 8:32 a.m., 15 views

CVE-2024-47487

There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries...

7.2 CVSS, 0.00612 EPSS
Exploits 0, References 1
OSV
added 2024/10/13 9:15 p.m., 8 views

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8 CVSS, 7.7 AI score
Exploits 0, References 2
NVD
added 2024/10/13 9:15 p.m., 6 views

CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8 CVSS, 0.00139 EPSS
Exploits 1, References 2
Cvelist
added 2024/10/13 9:09 p.m., 10 views

CVE-2024-7099 SQL Injection in netease-youdao/qanything

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...

9.8 CVSS, 0.00139 EPSS
Exploits 1, References 2
BDU FSTEC
added 2024/10/11 12:00 a.m., 2 views

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. This allows attackers to access database contents, create, and read arbitrary files.

The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to remotely access database contents, create and read arbitrary files by injecting specially...

8.5 CVSS, 8.3 AI score, 0.94286 EPSS
Exploits 3, References 5, Affected Software 1
CNNVD
added 2024/09/25 12:00 a.m., 6 views

WordPress plugin REST API TO MiniProgram Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.5 CVSS, 6.7 AI score, 0.89068 EPSS
Exploits 1, References 3
CVE
added 2024/09/20 7:01 p.m., 85 views

CVE-2024-47062

Navidrome (

9.4 CVSS, 7 AI score, 0.85131 EPSS
Exploits 2, References 1, Affected Software 1
Vulnrichment
added 2024/09/20 7:01 p.m., 13 views

CVE-2024-47062 Multiple SQL Injections and ORM Leak in navidrome

Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...

9.4 CVSS, 7.4 AI score, 0.85131 EPSS
Exploits 2, References 1
NVD
added 2024/09/05 8:15 p.m., 22 views

CVE-2024-8395

FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication...

9.8 CVSS, 0.00239 EPSS
Exploits 1, References 1