216673 matches found
Red Hat Satellite SQL注入漏洞
Red Hat Satellite is a system management platform developed by Red Hat Inc. This platform can be used to expand Linux infrastructure and provides system management functions such as administration, configuration, and monitoring. Red Hat Satellite 6 has a SQL injection vulnerability, which stems...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...
PT-2026-25929
Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.5 Description GLPI is a free Asset and IT management software package. An authenticated user can perform a SQL injection. The SQL injection can be performed through unspecified vectors. Recommendations Update ...
PT-2026-25899
Name of the Vulnerable Software and Affected Versions Red Hat Satellite Katello Plugin affected versions not specified Description A flaw exists in the Katello plugin for Red Hat Satellite due to improper sanitization of user-provided input. This allows a remote attacker to inject arbitrary SQL...
GLPI SQL注入漏洞
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
WordPress plugin WowStore SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-25868
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
PT-2026-25838
A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be...
PT-2026-25839
A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...
PT-2026-25940
Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.4 Spring AI versions prior to 1.1.3 Description A critical SQL injection flaw exists in Spring AI's MariaDBFilterExpressionConverter component. This issue allows attackers to bypass metadata-based access control...
CVE-2026-4287 Tiandy Easy7 Integrated Management Platform Endpoint queryResources sql injection
A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...
CVE-2026-4287
A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...
CVE-2026-4287
Tiandy Easy7 Integrated Management Platform Endpoint (version 7.17.0) has a SQL injection in the /rest/devStatus/queryResources function when areaId is manipulated. The vulnerability is exploitable remotely; a public exploit reportedly exists. The vendor was contacted but did not respond. No reme...
CVE-2026-4287 Tiandy Easy7 Integrated Management Platform Endpoint queryResources sql injection
A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection. The attack can be...
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
Summary The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and...
CVE-2026-30881
Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...
CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint
Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...
CVE-2026-30881
Chamilo LMS (versions
CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint
Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...
EUVD-2026-12500
Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...