1492 matches found
The vulnerability of the “Maxima Praidex” electronic queue management system lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the “Maxima Praidex” electronic queue management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted SQL query remotely...
The vulnerability of the “Accent” platform, related to the failure to protect the SQL query structure, allows unauthorized access to protected information.
The vulnerability of the “Accent” platform lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the centreon-web component of the Centreon software for monitoring IT infrastructure allows an attacker to escalate their privileges and execute arbitrary code.
The vulnerability of the centreon-web component of the IT infrastructure monitoring software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to escalate their privileges and execute arbitrary code using a specially...
The vulnerability of the adodb library, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary code.
The vulnerability of the adodb library is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Service Account Auditing service of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows an attacker to execute arbitrary code.
The vulnerability of the Service Account Auditing service in the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of security measures for the SQL query structure. Exploitation of this vulnerability could allow a malicious actor to...
BIT-MARIADB-MIN-2022-24048
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
The vulnerabilities of web servers OZW672 and OZW772 involve a lack of protection for SQL query structures, allowing attackers to circumvent existing security restrictions.
The vulnerabilities of web servers OZW672 and OZW772 are related to the lack of measures taken to protect the SQL query structure. Exploiting these vulnerabilities allows a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the ExportCertificate method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows an attacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the ExportCertificate method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allo...
The vulnerability of the UnlockOpcSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows an attacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the UnlockOpcSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...
The vulnerability of the CreateBackup method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows an attacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the CreateBackup method in the software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to bypass security restrictions,...
The vulnerability of the GetTraces method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows an attacker to bypass security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the GetTraces method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security restrictions, rea...
The vulnerability of the LockUser method in software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows an attacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the LockUser method in the TeleControl Server Basic software for managing and monitoring remote objects in telemetry and telemechanics systems is associated with the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...
CVE-2024-31455
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit 5c381cf added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parentheses, and would...
CVE-2024-53007
Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call...
CVE-2023-26021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864...
CVE-2023-41640
An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...
CVE-2023-3197
The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user-supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2023-2111
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's...
CVE-2023-3416
The tagDiv Opt-In Builder plugin is vulnerable to Blind SQL Injection via the 'subscriptionCouponId' parameter of the 'createstripesubscription' REST API endpoint in versions up to, and including, 1.4.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparatio...
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x, displays the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...