1492 matches found
CVE-2022-41142
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper...
The vulnerability of the setConfiguration component in the system for centralized control of network devices and ports of the Advantech iView model allows a hacker to gain unauthorized access to protected information.
The vulnerability of the setConfiguration component in the Advantech iView network device and port management system is related to the lack of measures taken to protect the SQL query structure during the processing of the ConfigurationServlet. Exploiting this vulnerability allows an attacker,...
PT-2023-6983 · WordPress · Survey Maker Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Survey Maker WordPress Plugin versions prior to 3.1.2 Description: The issue is related to a lack of protection against SQL query structure manipulation when handling the surveys ids parameter. This can allow a remote attacker to execute...
Sql injection
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection...
Apache Kylin Command Injection Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. kylin has a command injection vulnerability, the vulnerability stems fr...
PT-2023-7671 · WordPress · Cryptocurrency Widgets Pack
Name of the Vulnerable Software and Affected Versions: Cryptocurrency Widgets Pack WordPress plugin versions prior to 2.0 Description: The issue is related to a lack of sanitization and escaping of some parameters before using them in SQL statements via an AJAX action. This can lead to SQL...
CVE-2022-4160
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...
CVE-2022-4165
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-4163
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with ...
CVE-2022-4153
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak...
Cross site request forgery (csrf)
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with ...
Cross site request forgery (csrf)
The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the optionid POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information...
Cross site request forgery (csrf)
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgFields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive...
Cross site request forgery (csrf)
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...
PT-2022-25916 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
Privilege Escalation
puppetdb is vulnerable to privilege escalation. The vulnerability exists due to the lack of input query validation in the library, allowing an attacker to delete user tables via malicious sql query...
The vulnerability of the my_decimal::operator database component, which allows a hacker to trigger a service failure.
The vulnerability of the mydecimal::operator component of the MariaDB database lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to trigger service failures through a specially crafted SQL query...
CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...
CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack...
My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The plugin is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack document.getElementById"test".submit;...