216301 matches found
CVE-2026-6562
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...
CVE-2026-6562
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...
CVE-2026-6562
CVE-2026-6562 affects dameng100 muucmf 1.9.5.20260309. The vulnerable component is getListByPage in /index/Search/index.html. Manipulating the keyword argument enables SQL injection from remote, with exploit published. Vendor was contacted but did not respond.
CVE-2026-6562 dameng100 muucmf index.html getListByPage sql injection
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...
CVE-2026-6562 dameng100 muucmf index.html getListByPage sql injection
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...
PT-2026-33620
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...
PT-2026-33643
Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description An improper neutralization flaw in query context handling within the MCP query execution interface may allow the execution of unintended SQL statements. This can lead to the bypass of...
tachyon
Tachyon Tachyon is a Go-based command-line web vulnerability...
CVE-2026-37343
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manageuser.php...
CVE-2026-37344
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managelocation.php...
CVE-2026-37340
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/editmusic.php...
CVE-2026-37342
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...
CVE-2026-37341
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managecategory.php...
CVE-2026-33084
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...
GHSA-MJW2-V2HM-WJ34 Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
Summary The DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...
SQL Injection
Overview dagster is a Dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute...
SQL Injection
Overview dagster-deltalake is a Package for Deltalake-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL...
SQL Injection
Overview dagster-duckdb is a Package for DuckDB-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands b...
SQL Injection
Overview dagster-snowflake is a Package for Snowflake Dagster framework components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by creating speciall...
SQL Injection
Overview dagster-gcp is a Package for GCP-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...