
1299 matches found

BDU FSTEC
added 2023/03/06 12:0 a.m., 1 views

The vulnerability of the microprogrammed network interface controllers from SonicWall, models SMA 210, SMA 410, SMA 500v, allows attackers to execute arbitrary SQL queries.

The vulnerability of SonicWall’s SMA 210, SMA 410, and SMA 500v network firewall microprogramming systems lies in the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...

CVSS 10, AI score 8.2, EPSS 0.80271
Exploits 0, References 3, Affected Software 3
0day.today
added 2023/02/27 12:0 a.m., 462 views

Music Gallery Site 1.0 SQL Injection Vulnerability

Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerability. CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari...

CVSS 9.8, AI score 9.2, EPSS 0.0038
Exploits 11
SUSE CVE
added 2023/02/15 5:49 a.m., 2 views

SUSE CVE-2011-4634

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...

CVSS 4.3, AI score 6.3, EPSS 0.00421
Exploits 1, References 3
Veracode
added 2023/01/31 10:49 a.m., 15 views

Special Element Injection

radare2, edge is vulnerable to Special Element Injection. The vulnerability exists due to improper implementation special elements into a different plane which allows an attacker to inject and execute malicious SQL queries on the system...

CVSS 7.8, AI score 7, EPSS 0.0018
Exploits 1, References 3, Affected Software 1
Veracode
added 2023/01/30 9:11 a.m., 19 views

SQL Injection

CakePHP is vulnerable to SQL Injection attacks. The vulnerability exists in limit and offset functions of Query.php due to unsanitized user input which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 9.8, AI score 9.8, EPSS 0.0093
Exploits 0, References 9, Affected Software 2
Veracode
added 2023/01/29 1:32 p.m., 17 views

SQL Injection

liftkit/database is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the processOrderBy function in Query.php allows a malicious user to inject and execute arbitrary SQL queries on the target system...

CVSS 9.8, AI score 4.1, EPSS 0.00353
Exploits 0, References 4, Affected Software 1
OSV
added 2023/01/26 6:59 p.m., 14 views

CVE-2022-41142

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper...

CVSS 8.8, AI score 9
Exploits 0, References 2
Cvelist
added 2023/01/26 12:0 a.m., 17 views

CVE-2022-41142

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper...

CVSS 7.2, AI score 9.2, EPSS 0.29845
Exploits 0, References 2
Tenable Nessus
added 2023/01/24 12:0 a.m., 29 views

Cisco Unified Communications Manager SQLi (cisco-sa-cucm-sql-rpPczR8n)

The version of Cisco Unified Communications installed on the remote host is prior to tested version. It is, therefore, affected by an SQL injection vulnerability in the web-based management interface as referenced in the cisco-sa-cucm-sql-rpPczR8n advisory. An attacker authenticated as a...

CVSS 8.8, AI score 8.2, EPSS 0.0029
Exploits 0, References 4
Cisco
added 2023/01/18 4:0 p.m., 70 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

CVSS 8.1, AI score 8.6, EPSS 0.0029
Exploits 0, References 1
Veracode
added 2023/01/10 8:7 a.m., 14 views

SQL Injection

github.com/square/squalor is vulnerable to SQL injection. The vulnerability exists due to improper argument handling of the database queries which allows an attacker to inject and execute arbitrary SQL queries...

CVSS 9.8, AI score 9.8, EPSS 0.00348
Exploits 0, References 6, Affected Software 1
NVD
added 2023/01/01 8:15 a.m., 12 views

CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History...

CVSS 8.8, AI score 8.8, EPSS 0.00489
Exploits 1, References 1
BDU FSTEC
added 2022/12/16 12:0 a.m., 3 views

The vulnerability of the Microsoft Dynamics CRM resource planning software lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft Dynamics CRM resource planning software relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created queries...

CVSS 9, AI score 8.5, EPSS 0.00864
Exploits 0, References 2
Veracode
added 2022/12/13 6:0 a.m., 19 views

SQL Injection

cubejs-backend/api-gateway is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the /v1/sql-runner endpoint allows a malicious authenticated user to inject and execute arbitrary SQL queries on the target system...

CVSS 9.6, AI score 9.2, EPSS 0.00384
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2022/12/02 12:0 a.m., 40 views

PostgreSQL JDBC Driver 42.2.x < 42.2.27 / 42.3.x < 42.3.8 / 42.4.x < 42.4.3 / 42.5.x < 42.5.1 Information Disclosure

The remote host contains a version of PostgreSQL JDBC Driver that is 42.2.x prior to 42.2.27, 42.3.x prior to 42.3.8, 42.4.x prior to 42.4.3 or 42.5.x prior to 42.5.1. It is, therefore, affected by an information disclosure vulnerability. SQL queries using prepared statements that total more than...

CVSS 5.5, AI score 6.2, EPSS 0.00082
Exploits 1, References 3
Prion
added 2022/11/28 1:15 p.m., 16 views

Sql injection

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVSS 7.5, AI score 9.7, EPSS 0.01988
Exploits 1, References 2, Affected Software 1
Veracode
added 2022/11/28 3:57 a.m., 15 views

SQL Injection

jeecg-boot-base-core is vulnerable to SQL injection. The vulnerability exists because the filterContent function of SqlInjectionUtil.java does not properly replace the value parameter, allowing an attacker to inject and execute malicious SQL queries...

CVSS 9.8, AI score 9.7, EPSS 0.00361
Exploits 1, References 4, Affected Software 1
CNVD
added 2022/11/23 12:0 a.m., 18 views

WordPress My wpdb plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8, AI score 9, EPSS 0.00163
Exploits 2, References 1
BDU FSTEC
added 2022/11/22 12:0 a.m., 1 views

The vulnerability of the Create_tmp_table::finalize component of the MariaDB database, which allows a hacker to trigger a service failure.

The vulnerability of the Create_tmp_table::finalize component in the MariaDB database lies in the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to trigger service failures through a specially crafted SQL query...

CVSS 7.8, AI score 7.5, EPSS 0.00217
Exploits 1, References 10, Affected Software 6
Veracode
added 2022/11/10 1:49 a.m., 17 views

Regular Expression Denial Of Service (ReDoS)

snowflake-connector-python is vulnerable to regular expression denial of service. The vulnerability is due to the getfiletransfertype function in cursor.py which does not properly validate the SQL queries, allowing an attacker to crash the application by providing a malicious input...

CVSS 7.5, AI score 7.4, EPSS 0.00162
Exploits 1, References 3, Affected Software 1