CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

GHSA-86GH-C8R8-XWHQ phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

PT-2026-3794

Name of the Vulnerable Software and Affected Versions Hasura GraphQL version 1.3.3 Description Hasura GraphQL version 1.3.3 contains a remote code execution issue. Attackers can execute arbitrary shell commands through SQL query manipulation. The issue allows command injection into the run sql...

EUVD-2022-41794

Malicious code in bioql PyPI...

CVE-2025-30015

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...

CVE-2025-30015 Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform Application Server ABAP, an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact...

CVE-2024-45059

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

Flashcard Quiz App 1.0 SQL Injection

Exploit Title: Flashcard Quiz App - SQL Injection Google Dork: N/A Application: Flashcard Quiz App Date: 25.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

PT-2023-6983 · WordPress · Survey Maker Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Survey Maker WordPress Plugin versions prior to 3.1.2 Description: The issue is related to a lack of protection against SQL query structure manipulation when handling the surveys ids parameter. This can allow a remote attacker to execute...

Joomla Component XMap SQL Injection Vulnerability

Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the Joomla component XMap. The flaw is due to input passed to 'index.php' via the 'view=' and 'itemID=' parameters failing to be properly filtered before being used in SQL queries. An attacker could...

Sql injection

SQL injection vulnerability in the "Users management" functionality in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...

Multiple vulnerabilities in MantisBT

High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform Cross-Site Scripting XSS and SQL injection attacks. Improper access control vulnerability discloses database's credentials login and password in plaintext. 1 Cross-Site...

Outfront Spooky 2.x Login SQL Query Manipulation Password Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4661/info Spooky Login is a commerical web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers. Under some circumstances, it m...

WebHost Automation Helm Control Panel 3.1.x Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11586/info Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacker can execute arbitrary HTML and script code in a user...

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

No description provided by source. Zix Forum = 1.12 layid SQL Injection Vulnerability Vulnerability: -------------------- SQLInjection: Input passed to the layid parameter in 'settings.asp' not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by...

phpCheckZ 1.1.0 - Blind SQL Injection Vulnerability

No description provided by source. phpCheckZ 1.1.0 Blind SQL Injection Vulnerability Name phpCheckZ Vendor http://www.phpcheckz.com Versions Affected 1.1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-10-19 X. IND...

Debian: Security Advisory (DSA-2787-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2609-1 : rails - SQL query manipulation

An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

[SECURITY] [DSA 2609-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2609-1 [email protected] http://www.debian.org/security/ Florian Weimer January 16, 2013 http://www.debian.org/security/faq -...