937 matches found
CVE-2024-22280
CVE-2024-22280 affects VMware Aria Automation. The issue is an SQL injection due to improper input validation, enabling an authenticated attacker to perform unauthorized read/write operations in the database. Reported impact indicates network access with low privileges and no user interaction nee...
CVE-2024-22280 VMSA-2024-0017: VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280)
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database...
CVE-2024-22261
SQL-Injection in Harbor allows privileged users to leak the task IDs...
CVE-2024-22261
Harbor (scan log API) is affected by a SQL Injection vulnerability described across OSV-BIT-HARBOR-2024-22261 and NVD CVE-2024-22261. The issue arises in the Harbor scan log API where privileged users (administrator, project_admin, project_maintainer) can trigger arbitrary SQL execution to leak t...
CVE-2024-22406
Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...
SQL injection
Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...
CVE-2024-22406
The CVE-2024-22406 issue concerns Shopware’s API search function, where the aggregations.name parameter enables time-based SQL injection. Affected product: Shopware (open headless commerce platform) with vulnerable code path in the application API search that aggregates results via the aggregatio...
CVE-2024-22406 Blind SQL-injection in DAL aggregations in Shopware
Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...
CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manageteam&id=. id: CVE-2022-31980 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
CVE-2021-26644
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running...
SQL injection
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running...
CVE-2021-26644
Mangboard bulletin board is affected by CVE-2021-26644, an SQL injection caused by missing input validation of the database table name. The vulnerability can allow a remote attacker to execute arbitrary code on the vulnerable server. Public sources indicate the issue exists in Mangboard versions ...
CVE-2022-22524
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services...
SQL injection
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services...
CVE-2022-22524 SQL-injection in Carlo Gavazzi UWP 3.0 allows for full database access
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services...
CVE-2022-22524
CVE-2022-22524 affects Carlo Gavazzi UWP3.0 and CPY Car Park Server (v2.8.3). Multiple sources describe a SQL injection that allows an unauthenticated remote attacker to gain full database access, modify users, and stop services. The affected components include UWP3.0 monitoring gateway/controlle...
CVE-2022-28813
CVE-2022-28813 affects Carlo Gavazzi UWP3.0 and CPY Car Park Server 2.8.3. A remote, unauthenticated SQL injection could access a volatile temporary database containing current device states. CVSSv3.1: 7.5 (HIGH); Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Int...