1666 matches found

Cvelist
added 2023/08/03 6:56 a.m., 17 views

CVE-2023-21412 Non-sanitized user input could lead to SQL injections in AXIS License Plate Verifier

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections...

CVSS 7.2, AI score 8.9, EPSS 0.00492
Exploits: 0, References: 1

Vulnrichment
added 2023/08/03 6:56 a.m., 13 views

CVE-2023-21412 Non-sanitized user input could lead to SQL injections in AXIS License Plate Verifier

User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections...

CVSS 7.2, AI score 7.9, EPSS 0.00492
Exploits: 0, References: 1

wpexploit
added 2023/06/26 12:0 a.m., 508 views

POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an attacker controlled email, and allow them to...

CVSS 8.8, AI score 7.1, EPSS 0.00321
Exploits: 2

WPVulnDB
added 2023/06/26 12:0 a.m., 15 views

POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF

The plugin does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the managepostmansmtp capability resend an email to an arbitrary address for example a password reset email could be resent to an attacker controlled email, and allow them to...

CVSS 8.8, AI score 7.1, EPSS 0.00321
Exploits: 2, Affected Software: 1

CVE
added 2023/02/16 2:11 p.m., 138 views

CVE-2023-22578

CVE-2023-22578 affects the Sequelize JavaScript ORM. The issue is caused by improper attribute filtering, enabling a remote attacker to execute SQL injections via crafted queries that can view, add, modify, or delete data in the back-end database. Documented impacts in the IBM/Red Hat/OSS advisor...

CVSS 10, AI score 9.6, EPSS 0.00831
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/02/16 2:11 p.m., 49 views

CVE-2023-22578 Sequalize - Default support for “raw attributes” when using parentheses

Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections...

CVSS 10, AI score 9.8, EPSS 0.00831
Exploits: 0, References: 2

Japan Vulnerability Notes
added 2023/01/24 4:38 a.m., 3 views

Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections

Overview CONPROSYS HMI System CHS provided by CONTEC CO.,LTD. contains multiple SQL injection vulnerabilities CWE-89. Mosin from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc., reported these vulnerabilities to Contec Co., Ltd. Contec Co., Ltd. reported the issues to JPCERT/CC in ord...

CVSS 6.5, AI score 8, EPSS 0.01327
Exploits: 0, References: 6

NVD
added 2023/01/01 8:15 a.m., 25 views

CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History...

CVSS 8.8, AI score 8.8, EPSS 0.11812
Exploits: 1, References: 1

Cvelist
added 2023/01/01 12:0 a.m., 26 views

CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History...

AI score 9, EPSS 0.11812
Exploits: 1, References: 1

OpenVAS
added 2022/11/03 12:0 a.m., 22 views

phpIPAM < 1.5.0 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities.

CVSS 8.8, AI score 6.7, EPSS 0.01015
Exploits: 2, References: 1

ATTACKERKB
added 2022/09/19 2:15 p.m., 3 views

CVE-2022-2840

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections...

CVSS 9.8, AI score 5.9, EPSS 0.09675
Exploits: 5, References: 3

NVD
added 2022/09/19 2:15 p.m., 33 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

CVSS 8.8, EPSS 0.10375
Exploits: 5, References: 3

Positive Technologies
added 2022/09/19 12:0 a.m., 5 views

PT-2022-19001 · WordPress · Zephyr Project Manager

Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager WordPress plugin versions prior to 3.2.5 Description: The issue concerns the Zephyr Project Manager WordPress plugin, which does not properly sanitise and escape various parameters before using them in SQL statements vi...

CVSS 9.8, AI score 7.5, EPSS 0.09675
Exploits: 5, References: 7

NCSC
added 2022/09/13 12:0 a.m., 4 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft has fixed vulnerabilities in Microsoft Dynamics. An authenticated malicious person could exploit the vulnerabilities to execute SQL injections, and thus arbitrary code within the context of the database, with dbowner privileges. The tables below list the vulnerabilities fixed by Microsof...

CVSS 8.8, AI score 7.5, EPSS 0.03076
Exploits: 0

NVD
added 2022/08/22 1:15 a.m., 17 views

CVE-2022-36198

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and...

CVSS 9.8, EPSS 0.00988
Exploits: 1, References: 2

Cvelist
added 2022/08/22 12:31 a.m., 21 views

CVE-2022-36198

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and...

AI score 9.9, EPSS 0.00988
Exploits: 1, References: 2

Positive Technologies
added 2022/08/22 12:0 a.m., 4 views

PT-2022-23255 · Unknown · Bus Pass Management System

Name of the Vulnerable Software and Affected Versions: Bus Pass Management System version 1.0 Description: Multiple SQL injections were detected in the Bus Pass Management System. The issue affects several API endpoints, including "buspassms/admin/view-enquiry.php",...

CVSS 9.8, AI score 9.7, EPSS 0.00988
Exploits: 1, References: 5

The Hacker News
added 2022/08/18 1:33 p.m., 62 views

China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year

The Chinese advanced persistent threat APT actor tracked as Winnti has targeted at least 13 organizations geographically spanning across the U.S, Taiwan, India, Vietnam, and China against the backdrop of four different campaigns in 2021. "The targeted industries included the public sector,...

AI score 1.1
Exploits: 0

NVD
added 2022/07/22 3:15 p.m., 18 views

CVE-2022-2137

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information...

CVSS 4.9, EPSS 0.00796
Exploits: 0, References: 1

NVD
added 2022/07/22 3:15 p.m., 25 views

CVE-2022-2135

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information...

CVSS 7.5, EPSS 0.10085
Exploits: 0, References: 1