1299 matches found
CVE-2023-22378 Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary...
CVE-2023-37372
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.4. The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database...
SQL Injection
postgraasserver is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the config parameter of the createpgconnection and createpostgresdb functions allows a malicious user to inject and execute arbitrary SQL queries on the target system...
CVE-2023-28019
Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...
Input validation
Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...
CVE-2023-28019 An SQL injection affects BigFix WebUI API
Insufficient validation in Bigfix WebUI API App site version 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query...
CVE-2023-28019
CVE-2023-28019 concerns the Bigfix WebUI API App. The issue is described as insufficient validation in the WebUI API, affecting versions prior to 14, enabling an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. The root cause is unparameterized queries/insufficient ...
PT-2023-21484 · Ibm · Bigfix Webui Api App
Name of the Vulnerable Software and Affected Versions: Bigfix WebUI API App versions prior to 14 Description: The issue is related to insufficient validation, allowing an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. Recommendations: For versions prior to 14,...
SQL Injection
langchain is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the call function in sqldatabase/base.py allows a malicious user to inject and execute arbitrary SQL queries on the target system via the SQLDatabaseChain component...
CVE-2023-36968
A SQL Injection vulnerability detected in Food Ordering System v1.0 allows attackers to run commands on the database by sending crafted SQL queries to the ID parameter...
OWASP APIsec Top-10 2023 Is Here | API Security Newsletter
Welcome to our May API newsletter, recapping some of the events of last month. As the old proverb goes, April showers bring May flowers – and this means the bees at the Wallarm hive have been in full foraging mode and the honey is flowing: lots of updates & improvements to the platform, and much...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manageteam&id=. id: CVE-2022-31980 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
PT-2023-4250 · Sap · Sap Business One
Name of the Vulnerable Software and Affected Versions: SAP Business One B1i module version 10.0 Description: The issue is related to the lack of protection of the SQL query structure in the B1i Layer component of SAP Business One. This allows a remote attacker to send specially crafted queries to...
SQL Injection
moodle/moodle is vulnerable to SQL Injection attacks. The vulnerability exists in getsubwikipages function of external.php due to lack of sanitization of user inputs which allows an attacker to inject and execute arbitrary SQL queries...
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of deletecertvec requests to the modTMMS endpoint. When parsing the ...
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of setcertificatesconfig requests to the modTMMS endpoint. When...
SQL injection
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application...
PT-2023-14141 · Nozomi Networks · Nozomi Networks Guardian +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian and CMC affected versions not specified Description: The issue is caused by improper input validation in the Alerts controller, allowing an authenticated attacker to execute arbitrary SQL queries on the DBMS used by t...
SQL Injection
com.baomidou:mybatis-plus-extension is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the tenant ID parameter in TenantLineInnerInterceptor.java allows a malicious user to inject and execute arbitrary SQL queries on the target system...