
1299 matches found

Positive Technologies
added 2024/02/27 12:0 a.m. · 2 views

PT-2024-2074 · Unknown · Subrion Cms

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: The issue is related to a potential SQL injection vulnerability in the ia.core.mysqli.php component of the Subrion CMS system. This could allow a remote attacker to execute arbitrary SQL queries. However...

CVSS 9.8 · AI score 7.6 · EPSS 0.00492
Exploits: 1 · References: 18

0day.today
added 2024/02/26 12:0 a.m. · 235 views

Flashcard Quiz App v1.0 - (card) SQL Injection Vulnerability

Exploit Title: Flashcard Quiz App v1.0 - 'card' SQL Injection Application: Flashcard Quiz App Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/17160/flashcard-quiz-app-using-php-and-mysql-source-code.htm...

AI score 7.4
Exploits: 0

Zero Day Initiative
added 2024/02/23 12:0 a.m. · 16 views

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP requests on port 3000. When parsing the token parameter, the...

CVSS 9.8 · AI score 8.1 · EPSS 0.06129
Exploits: 0

CNVD
added 2024/02/21 12:0 a.m. · 16 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2024-09309)

SINEC NMS is a new generation network management system NMS for digital enterprises. Siemens SINEC NMS suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...

CVSS 9.8 · AI score 8.2 · EPSS 0.00759
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/02/15 12:0 a.m. · 11 views

SolarWinds Orion Platform AppendCreatePrimary SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendCreatePrimary method. The issue results from the lack of proper validati...

CVSS 8.8 · AI score 8.1 · EPSS 0.00802
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/02/15 12:0 a.m. · 17 views

SolarWinds Orion Platform AppendUpdate SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the AppendUpdate method. The issue results from the lack of proper validation of a...

CVSS 8.8 · AI score 8.1 · EPSS 0.00998
Exploits: 0 · References: 1

Cvelist
added 2024/02/13 9:0 a.m. · 12 views

CVE-2024-23810

A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...

CVSS 8.8 · AI score 9.3 · EPSS 0.00759
Exploits: 0 · References: 1

CVE
added 2024/02/13 9:0 a.m. · 87 views

CVE-2024-23810

Siemens SINEC NMS is affected by CVE-2024-23810: all versions prior to 2.0 SP1 are vulnerable to SQL injection in the server database, potentially allowing an unauthenticated attacker to run arbitrary SQL queries. Sources consistently identify this CVE as a SQL-injection issue impacting SINEC NMS...

CVSS 9.8 · AI score 9.1 · EPSS 0.00759
Exploits: 0 · References: 1 · Affected Software: 1

Zero Day Initiative
added 2024/02/09 12:0 a.m. · 18 views

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateLCARelation function. The issue results from the lack of proper validation of a...

CVSS 7.2 · AI score 8.1 · EPSS 0.86031
Exploits: 0 · References: 1

Zero Day Initiative
added 2024/02/09 12:0 a.m. · 17 views

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactHostCommands function. The issue results from the lack of proper validation of a...

CVSS 7.2 · AI score 8.1 · EPSS 0.86031
Exploits: 0 · References: 1

BDU FSTEC
added 2024/02/09 12:0 a.m. · 2 views

The vulnerability of the microprogrammed software of the BUFFALO VR-S1000 routers lies in the lack of measures to neutralize the special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary commands of the operating system.

The vulnerability of the Cacti network monitoring software is related to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pollers.php script...

CVSS 7.2 · AI score 7.2 · EPSS 0.00083
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/01/16 4:15 p.m. · 11 views

CVE-2023-4797

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

CVSS 7.2 · AI score 7.3 · EPSS 0.0056
Exploits: 2 · References: 1

Vulnrichment
added 2024/01/16 3:56 p.m. · 11 views

CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server...

AI score 7.9 · EPSS 0.0056
Exploits: 2 · References: 1

IBM Security Bulletins
added 2024/01/10 4:23 a.m. · 37 views

Security Bulletin: IBM DB2 used by IBM Security Verify Governance has multiple vulnerabilities

Summary IBM Security Verify Governance supports IBM DB2 database. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5,...

CVSS 9.8 · AI score 10 · EPSS 0.01156
Exploits: 1 · Affected Software: 1

Vulnrichment
added 2024/01/09 1:33 a.m. · 4 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

CVSS 9.6 · AI score 9.1 · EPSS 0.00739
Exploits: 0 · References: 1

Cvelist
added 2024/01/09 1:33 a.m. · 21 views

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RC...

CVSS 9.6 · AI score 9.4 · EPSS 0.00739
Exploits: 0 · References: 1

Vulnrichment
added 2023/12/29 11:48 a.m. · 5 views

CVE-2023-44088 SQL Injection in Visual Console

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774...

CVSS 5.9 · AI score 9 · EPSS 0.00323
Exploits: 2 · References: 1

OpenVAS
added 2023/12/28 12:0 a.m. · 22 views

WordPress WooPayments Plugin < 5.9.1 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:woopayments"; if description...

CVSS 9.8 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 2

Zero Day Initiative
added 2023/12/20 12:0 a.m. · 26 views

(0Day) Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectDeviceListBy method. The issue results from the lack of proper...

CVSS 9.8 · AI score 8.1 · EPSS 0.36387
Exploits: 0

Prion
added 2023/12/08 1:15 a.m. · 13 views

SQL injection

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...

CVSS 6.5 · AI score 8.6 · EPSS 0.00087
Exploits: 0 · References: 2 · Affected Software: 6