1492 matches found
The vulnerability of the Ivanti EPM endpoint management software lies in the lack of protective measures for the SQL query structure, allowing a hacker to execute arbitrary code.
The vulnerability of the Ivanti EPM endpoint management software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially crafted SQL code remotely...
The vulnerability of the Ivanti EPM endpoint management software lies in the lack of protective measures for the SQL query structure, allowing a hacker to execute arbitrary code.
The vulnerability of the Ivanti EPM endpoint management software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting specially crafted SQL code remotely...
ROS-20240916-02
The vulnerability of the sql/itemcmpfunc.cc component of the MariaDB DBMS is related to a flaw in the use of the function assert. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service The vulnerability of the Createtmptable::finalize component of the...
CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
VICIdial 2.14-917a SQL Injection
KL-001-2024-011: VICIdial Unauthenticated SQL Injection Title: VICIdial Unauthenticated SQL Injection Advisory ID: KL-001-2024-011 Publication Date: 2024-09-10 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt 1. Vulnerability Details Affected Vendor: VICIdial Affect...
CVE-2024-29731
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters...
CVE-2024-29729
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url...
CVE-2024-29728
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafi...
CVE-2024-29724
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio...
CVE-2024-29723
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...
CVE-2024-29727
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sendParticipationRemember/ , paramete...
CVE-2024-29723 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...
CVE-2024-29723 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...
CVE-2024-29724 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio...
CVE-2024-29726
CVE-2024-29726 concerns SportsNET, affected in version 4.0.1, with a SQL injection vulnerability in the application’s handling of the id parameter to /app/ax/setAsRead/. The root cause is improper input handling in the SQL query, enabling an attacker to retrieve, update, and delete all database i...
CVE-2024-29730 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;...
CVE-2024-29730 Multiple vulnerabilities in SportsNET
SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/consejoRandom/ , parameter idCat;...
CVE-2024-45059
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...
CVE-2024-45059
CVE-2024-45059 describes an authenticated SQL Injection in i-Educar prior to version 2.9, where the query in ieducar/intranet/funcionario_vinculo_det.php is built by concatenating the unsanitized GET parameter cod_func. This allows an attacker to access sensitive data such as emails and password ...
CVE-2024-8161
SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database...