937 matches found
CVE-2021-26609
CVE-2021-26609 affects the WordPress Mang Board plugin (Mangboard) via a SQL injection in the order_type parameter, where unfiltered input is used to build a SQL query, enabling an attacker to potentially access user data. Multiple connected sources confirm the vulnerability in Mangboard (WordPre...
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular eCommerce plugin for WordPress-powered websites; the Multi Currency plugin from Envato meanwhile allows e-tailers using...
CVE-2020-7819
A SQL-Injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information...
CVE-2020-7819
CVE-2020-7819 corresponds to a SQL injection vulnerability in the nTracker USB Enterprise (secure USB management solution). Multiple connected sources confirm that a remote, unauthenticated attacker can exploit the flaw to run SQL queries and access session-related data, including usernames and p...
CVE-2020-7819 nTracker USB Enterprise SQL-Injection vulnerability
A SQL-Injection vulnerability in the nTracker USB Enterprise (secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information...
Tutor LMS for WordPress Open to Info-Stealing
Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers. Tutor LMS is a learning-management system for educators that allows them to digitally reach their students. It...
CVE-2021-20016
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x...
SQL injection
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x...
CVE-2021-20016
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. Recent assessments: wvu-r7 at February 05, 20...
CVE-2021-20016
CVE-2021-20016 is a SQL Injection vulnerability in SonicWall SSLVPN SMA100 (build 10.x). The description confirms remote unauthenticated access to usernames/passwords and session data. Connected sources reiterate SonicWall SSLVPN/SMA100 and CVE mention but provide no additional technical specific...
PT-2021-2884
Name of the Vulnerable Software and Affected Versions SonicWall SSLVPN SMA100 versions 10.x Description The issue is related to a SQL Injection vulnerability in the SonicWall SSLVPN SMA100 product. This vulnerability allows a remote unauthenticated attacker to perform SQL queries to access...
CVE-2020-4003
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to...
CVE-2020-3984
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data acce...
CVE-2020-3984
The CVE-2020-3984 issue affects SD-WAN Orchestrator (versions 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4) where insufficient input validation permits SQL injection via a vulnerable API call by an authenticated user, potentially leading to unauthorized data access. This is corroborated in Re...
CVE-2020-4003
CVE-2020-4003 affects VMware SD-WAN Orchestrator, with versions 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1; it is a SQL injection flaw that allows an authenticated SD-WAN Orchestrator user to inject code into SQL queries and potentially disclose information. The CVE i...
GHSA-HVXQ-J2R4-4JM8 Regular Expression Denial of Service in sql-injection
All versions of sql-injection are vulnerable to Regular Expression Denial of Service. The package processes a request's body with regular expressions that may take exponentially longer to execute for large inputs. Recommendation No fix is currently available. Consider using an alternative package...
Regular Expression Denial of Service in sql-injection
All versions of sql-injection are vulnerable to Regular Expression Denial of Service. The package processes a request's body with regular expressions that may take exponentially longer to execute for large inputs. Recommendation No fix is currently available. Consider using an alternative package...