
1300 matches found

Cvelist
added 2021/01/20 8:11 p.m. | 17 views

CVE-2021-1225 Cisco SD-WAN vManage SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates value...

CVSS 6.5 | AI score 9.9 | EPSS 0.00567
Exploits: 0 | References: 1

BDU FSTEC
added 2021/01/14 12:0 a.m. | 3 views

A vulnerability in the Zoho ManageEngine Applications Manager software, caused by a failure to protect the SQL query structure, allows attackers to execute arbitrary SQL queries.

The vulnerability of the Zoho ManageEngine Applications Manager software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the created JSP query within the SAP module...

CVSS 8.8 | AI score 8 | EPSS 0.01313
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/12/14 7:33 p.m. | 11 views

CVE-2020-28860

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user-supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection...

AI score 9.1 | EPSS 0.02416
Exploits: 2 | References: 4

BDU FSTEC
added 2020/12/07 12:0 a.m. | 1 views

The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.

The vulnerability of the KTS “Mayak” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...

CVSS 10 | AI score 6.1
Exploits: 0 | Affected Software: 1

BDU FSTEC
added 2020/12/03 12:0 a.m. | 1 views

A vulnerability in the REST API interface of the Cisco IoT Field Network Director software allows an attacker to access the internal database of the vulnerable device.

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software management tool is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the internal database of th...

CVSS 9 | AI score 6.9 | EPSS 0.01973
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2020/11/12 12:0 a.m. | 1 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores lies in the lack of measures to protect SQL query structures. This allows attackers to execute arbitrary SQL queries against the database in the target system and gain access to protected information.

The vulnerability of the Magento Commerce development and management software platform lies in the lack of measures to protect SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database in the target system by sending a...

CVSS 8.5 | AI score 7.5 | EPSS 0.00257
Exploits: 0 | References: 5 | Affected Software: 2

BDU FSTEC
added 2020/10/22 12:0 a.m. | 2 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory processes, related to the improper elimination of special elements used in SQL commands, allows a malicious actor to execute arbitrary SQL queries against the database in the target system.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management functions is related to the improper elimination of certain elements used in SQL commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the targ...

CVSS 5 | AI score 7.2 | EPSS 0.00293
Exploits: 1 | References: 5 | Affected Software: 1

Zero Day Initiative
added 2020/10/22 12:0 a.m. | 139 views

Oracle E-Business Suite ozfVendorLov SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within ozfVendorLov.jsp. The issue results from the lack of proper validation of a...

CVSS 7.5 | AI score 1.8 | EPSS 0.02024
Exploits: 0 | References: 1

CNVD
added 2020/10/12 12:0 a.m. | 12 views

phpMyAdmin SQL Injection Vulnerability (CNVD-2021-45286)

phpMyAdmin is an open source, web-based management tool for MySQL and MariaDB, written in PHP. A SQL injection vulnerability exists in SearchController in phpMyAdmin. An attacker can exploit this vulnerability to inject malicious SQL into queries...

CVSS 9.8 | AI score 7.4 | EPSS 0.89641
Exploits: 1 | References: 1

Github Security Blog
added 2020/09/11 9:24 p.m. | 31 views

SQL Injection in untitled-model

All versions of untitled-model are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made availab...

AI score 6.7
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2020/09/03 2:36 a.m. | 51 views

SQL Injection in sails-mysql

Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 0.10.8 or later...

AI score 6.4
Exploits: 0 | References: 4 | Affected Software: 1

Packet Storm
added 2020/09/03 12:0 a.m. | 519 views

Hyland OnBase SQL Injection

CVSSv3.1 Score: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vendor: Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/
Product: Hylan...

Exploits: 0

NVD
added 2020/08/06 4:15 p.m. | 23 views

CVE-2020-7356

CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...

CVSS 10 | AI score 10 | EPSS 0.6151
Exploits: 5 | References: 2

NVD
added 2020/07/28 5:15 p.m. | 8 views

CVE-2020-15627

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the account parameter, th...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571
Exploits: 0 | References: 1

NVD
added 2020/07/28 5:15 p.m. | 9 views

CVE-2020-15625

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxaddmailbox.php. When parsing the username parameter, the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571
Exploits: 0 | References: 1

NVD
added 2020/07/28 5:15 p.m. | 14 views

CVE-2020-15619

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571
Exploits: 0 | References: 1

NVD
added 2020/07/28 5:15 p.m. | 8 views

CVE-2020-15616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the package parameter, the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571
Exploits: 0 | References: 1

NVD
added 2020/07/28 5:15 p.m. | 8 views

CVE-2020-15617

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the status parameter, the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571
Exploits: 0 | References: 1

NVD
added 2020/07/28 5:15 p.m. | 10 views

CVE-2020-15620

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the id parameter, the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571
Exploits: 0 | References: 1

Prion
added 2020/07/28 5:15 p.m. | 12 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...

CVSS 7.8 | AI score 7.5 | EPSS 0.00571
Exploits: 0 | References: 1 | Affected Software: 1