1666 matches found
CVE-2023-21412 Non-sanitized user input could lead to SQL injections in AXIS License Plate Verifier
User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections...
POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF
The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged-in users with the manage_postman_smtp capability resend an email to an arbitrary address; for example, a password reset email could be resent to an attacker-controlled email, and allow them to...
CVE-2023-22578
CVE-2023-22578 affects the Sequelize JavaScript ORM. The issue is caused by improper attribute filtering, enabling a remote attacker to execute SQL injections via crafted queries that can view, add, modify, or delete data in the back-end database. Documented impacts in the IBM/Red Hat/OSS advisor...
CVE-2023-22578 Sequelize - Default support for "raw attributes" when using parentheses
Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections...
Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections
Overview: CONPROSYS HMI System (CHS) provided by CONTEC CO., LTD. contains multiple SQL injection vulnerabilities (CWE-89). Mosin from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported these vulnerabilities to Contec Co., Ltd. Contec Co., Ltd. reported the issues to JPCERT/CC in ord...
CVE-2022-34324
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History...
phpIPAM < 1.5.0 Multiple Vulnerabilities
phpIPAM is prone to multiple vulnerabilities. (Greenbone AG NVT, SPDX-License-Identifier: GPL-2.0-only; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders.) CPE = "cpe:/a:phpipam:phpipam"...
CVE-2022-2840
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections...
CVE-2022-3142
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...
PT-2022-19001 · WordPress · Zephyr Project Manager
Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager WordPress plugin versions prior to 3.2.5 Description: The issue concerns the Zephyr Project Manager WordPress plugin, which does not properly sanitise and escape various parameters before using them in SQL statements vi...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Microsoft Dynamics. An authenticated attacker could exploit the vulnerabilities to execute SQL injections, and thus arbitrary code within the context of the database, with db_owner privileges. The tables below list the vulnerabilities fixed by Microsof...
CVE-2022-36198
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and...
PT-2022-23255 · Unknown · Bus Pass Management System
Name of the Vulnerable Software and Affected Versions: Bus Pass Management System version 1.0 Description: Multiple SQL injections were detected in the Bus Pass Management System. The issue affects several API endpoints, including "buspassms/admin/view-enquiry.php",...
China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year
The Chinese advanced persistent threat (APT) actor tracked as Winnti has targeted at least 13 organizations geographically spanning the U.S., Taiwan, India, Vietnam, and China across four different campaigns in 2021. "The targeted industries included the public sector,...
CVE-2022-2137
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information...
CVE-2022-2135
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information...
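Nearly every entry above describes the same defect: a request parameter (a plate number in a "search.cgi", a form-statistics filter in an AJAX action, a report date range in an admin PHP page) is concatenated into a SQL statement instead of being bound as a parameter. The following is an added example, not code from any of the products or advisories listed here; it uses a hypothetical plate-lookup handler over an in-memory SQLite table with constructed sample rows to show the vulnerable pattern, two payloads against it (a tautology and a UNION that reads the schema), and the parameterized fix that makes the same payloads inert.

```python
import sqlite3

# Constructed sample data, not taken from any advisory on this page.
PLATES = [("ABC123", "allowed"), ("XYZ789", "denied"), ("SECRET1", "vip")]


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plates (plate TEXT, status TEXT)")
    conn.executemany("INSERT INTO plates VALUES (?, ?)", PLATES)
    return conn


def search_vulnerable(conn: sqlite3.Connection, plate: str) -> list:
    """Hypothetical 'search' handler with the CWE-89 defect: the request
    parameter is spliced into the SQL text, so quotes in the input change
    the statement itself."""
    sql = "SELECT plate, status FROM plates WHERE plate = '" + plate + "'"
    return conn.execute(sql).fetchall()


def search_fixed(conn: sqlite3.Connection, plate: str) -> list:
    """Same lookup with a bound parameter: the driver sends the input as a
    value, never as SQL text, so it can only ever match a plate literally."""
    sql = "SELECT plate, status FROM plates WHERE plate = ?"
    return conn.execute(sql, (plate,)).fetchall()


# Two classic payloads an attacker would send in the 'plate' parameter.
TAUTOLOGY = "' OR '1'='1"                                   # dump every row
UNION_SCHEMA = "' UNION SELECT name, sql FROM sqlite_master--"  # read the schema


def demo() -> dict:
    """Run both handlers against both payloads and a legitimate input and
    return the row counts so the difference is visible at a glance."""
    conn = make_db()
    return {
        "vuln_tautology": len(search_vulnerable(conn, TAUTOLOGY)),
        "vuln_union": search_vulnerable(conn, UNION_SCHEMA),
        "fixed_tautology": len(search_fixed(conn, TAUTOLOGY)),
        "fixed_union": len(search_fixed(conn, UNION_SCHEMA)),
        "fixed_legit": search_fixed(conn, "ABC123"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable handler returns all three rows for the tautology and the CREATE TABLE statement for the UNION payload; the fixed handler returns nothing for either, because the whole string is compared against the plate column as data. Escaping the input (the "sanitise and escape" wording in the WordPress advisories) is a weaker substitute for binding: it has to be done correctly for every call site and every data type, whereas a prepared statement with placeholders removes the class of bug at the API boundary.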