CVE-2023-40610

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

Authorization

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...

Seriously Simple Stats < 1.5.1 - Podcast Manager+ SQLi

Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by podcast manager roles and above...

Horizontal scrolling announcement <= 9.2 - Authenticated (subscriber+) Blind SQL Injection

Description The plugin did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing low privilege users subscriber+ to perform Blind SQL Injection attack...

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement using External Tables. (CVE-2023-40372)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement using External Tables. Vulnerability Details CVEID:CVE-2023-40372 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to denial of service with a specially crafted SQ...

Code injection

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499...

CVE-2023-40372 IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499...

CVE-2023-38740 IBM Db2 denial of service

IBM Db2 for Linux, UNIX, and Windows includes Db2 Connect Server 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613...

CVE-2023-38740 IBM Db2 denial of service

IBM Db2 for Linux, UNIX, and Windows includes Db2 Connect Server 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613...

History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. PoC 1 Navigate to Instagram Feed Settings Manage Sources, then cli...

History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. 1 Navigate to Instagram Feed Settings Manage Sources, then click o...

CVE-2023-39359

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the graphs.php file. When dealing wit...

Sql injection

The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the txtsearch parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin...

Sql injection

The ANGradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

Sql injection

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVE-2023-2744 WP ERP < 1.12.4 - Admin+ SQL Injection

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC 1. Send GET /wp-admin/admin.php?page=querywall=datetimegmt=desc%2cselectfromselectsleep20a 2. See SQL execution...

SQL Injection in Admin Search Find API

Impact SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

Plugin for Google Reviews < 2.2.4 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the placeid parameter before using it in a SQL statement via the grwoverviewajax AJAx action, leading to a SQL injection exploitable by any authenticated users, such as subscriber...

Sql injection

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...