
1492 matches found

RedhatCVE
added 2025/09/13 12:31 a.m. | 6 views

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context of the SQL query tool...

CVSS 6.5 | AI score 7.6 | EPSS 0.00187
Exploits: 1 | References: 1
Redos
added 2025/09/12 12:00 a.m. | 3 views

ROS-20250912-01

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to a failure to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 8.8 | AI score 8 | EPSS 0.00385
Exploits: 0
Redos
added 2025/09/12 12:00 a.m. | 2 views

ROS-20250912-02

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to a failure to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 8.8 | AI score 8 | EPSS 0.00385
Exploits: 0
Redos
added 2025/09/12 12:00 a.m. | 5 views

ROS-20250912-04

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to a failure to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 8.8 | AI score 8 | EPSS 0.00385
Exploits: 0
Redos
added 2025/09/12 12:00 a.m. | 4 views

ROS-20250912-05

A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to a failure to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 8.8 | AI score 8 | EPSS 0.00385
Exploits: 0
NVD
added 2025/09/11 7:15 p.m. | 5 views

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context of the SQL query tool...

CVSS 3.8 | EPSS 0.00187
Exploits: 1 | References: 1
CVE
added 2025/09/11 12:00 a.m. | 17 views

CVE-2025-56556

Subrion CMS 4.2.1 is affected. The issue arises from the Run SQL Query tool in the SQL Tool admin panel, where authenticated administrators or moderators can gain escalated privileges due to insufficient privilege checks in the SQL query context. The vulnerability affects the Run SQL Query functi...

CVSS 3.8 | AI score 7.2 | EPSS 0.00187
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/09/11 12:00 a.m. | 9 views

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context of the SQL query tool...

EPSS 0.00187
Exploits: 1 | References: 1
CNNVD
added 2025/09/11 12:00 a.m. | 3 views

Subrion CMS Security Vulnerability

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports a variety of extensions, plugins and more. A security vulnerability exists in Subrion CMS version 4.2.1, which stems from insufficient privilege control of the...

CVSS 3.8 | AI score 7.1 | EPSS 0.00187
Exploits: 1 | References: 1
Vulnrichment
added 2025/09/11 12:00 a.m. | 2 views

CVE-2025-56556

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel to gain escalated privileges in the context of the SQL query tool...

AI score 7.2 | EPSS 0.00187
Exploits: 1 | References: 1
Redos
added 2025/08/28 12:00 a.m. | 3 views

ROS-20250828-04

A vulnerability in the Moodle virtual learning environment is related to insufficient cleanup of data provided by the user in the calendar event header when the event is deleted. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting attacks. A...

CVSS 9.8 | AI score 5.7 | EPSS 0.00435
Exploits: 0
Tenable Nessus
added 2025/08/25 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2016-2045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HT...

CVSS 5.4 | AI score 6.5 | EPSS 0.01531
Exploits: 0 | References: 2
BDU FSTEC
added 2025/08/11 12:00 a.m. | 9 views

The vulnerability of the REST API implementation of the monitoring and network equipment management system called Cisco Prime Infrastructure, as well as the Cisco Evolved Programmable Network Manager (EPNM) software for managing network services, allows an attacker to execute arbitrary code.

The vulnerability of the REST API interface of the Cisco Prime Infrastructure monitoring and network equipment management system, as well as the Cisco Evolved Programmable Network Manager (EPNM), relates to the lack of security measures for SQL query structures. Exploiting this vulnerability allows...

CVSS 4.3 | AI score 6.1 | EPSS 0.00292
Exploits: 0 | References: 2 | Affected Software: 2
BDU FSTEC
added 2025/08/05 12:00 a.m. | 3 views

The vulnerability in the WeGIA web manager’s script /html/funcionario/dependente_editarDoc.php allows a perpetrator to disclose confidential information, increase their privileges, or execute arbitrary code.

The vulnerability of the /html/funcionario/dependente_editarDoc.php script of the WeGIA web manager is related to the failure to protect the SQL query structure when processing the parameter idatendidofamiliares. Exploiting this vulnerability can allow an attacker to disclose confidential information, enhanc...

CVSS 9.9 | AI score 5.8 | EPSS 0.00458
Exploits: 1 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/08/05 12:00 a.m. | 5 views

The vulnerability of the /html/atendido/Profile_Atendido.php script of the WeGIA web manager allows a perpetrator to disclose confidential information or cause service denial.

The vulnerability of the WeGIA web manager’s /html/atendido/Profile_Atendido.php script is related to the failure to protect the SQL query structure when processing the idatendido parameter. Exploiting this vulnerability can allow an attacker to disclose confidential information or cause service...

CVSS 9.9 | AI score 5.6 | EPSS 0.00371
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2025/08/02 12:15 a.m. | 3 views

CVE-2025-54790

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10...

CVSS 9.2 | EPSS 0.00287
Exploits: 0 | References: 3
OSV
added 2025/08/01 11:37 p.m. | 4 views

CVE-2025-54790 Files: Potential for SQL Injection through File Browse and List Operations

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have logic to prevent the exploitation of backend SQL queries without direct output, potentially allowing unauthorized data access. This is fixed in version 0.16.10...

CVSS 9.2 | AI score 7.3 | EPSS 0.00287
Exploits: 0 | References: 5
OSV
added 2025/07/29 5:15 a.m. | 4 views

UBUNTU-CVE-2025-8264

Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modif...

CVSS 9.1 | AI score 6 | EPSS 0.00378
Exploits: 0 | References: 2
BDU FSTEC
added 2025/07/22 12:00 a.m. | 2 views

The vulnerability of the online platform GarminConnect, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to access protected information.

The vulnerability of the online platform GarminConnect relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to access protected information...

CVSS 6.2 | AI score 5.6
Exploits: 0 | Affected Software: 1
BDU FSTEC
added 2025/07/15 12:00 a.m. | 3 views

The vulnerability of Microsoft Configuration Manager software for managing IT infrastructure lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Configuration Manager software for managing IT infrastructure is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 8 | AI score 6.1 | EPSS 0.0204
Exploits: 0 | References: 2 | Affected Software: 1