308 matches found
CVE-2023-41891
FlyteAdmin’s list endpoints are vulnerable to SQL injection in versions prior to 1.1.124, where a malicious user can send REST requests with custom SQL statements as list filters. The attacker must have access to the FlyteAdmin installation (typically behind VPN or authenticated access). A patch ...
Flyte Admin SQL Injection in List Filters
Impact: List endpoints on Flyte Admin have a SQL vulnerability where a malicious user can send REST requests with custom SQL statements as list filters. Workarounds: The attacker needs to have access to the flyteadmin installation, typically either behind a VPN or authentication. References...
PT-2023-28148 · Unknown · Flyteadmin
Name of the Vulnerable Software and Affected Versions: FlyteAdmin versions prior to 1.1.124 Description: The issue concerns a SQL vulnerability in list endpoints on FlyteAdmin, where a malicious user can send a REST request with custom SQL statements as list filters. This requires the attacker to...
SQL injection
Election Services Co. ESC Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused...
Important: libpq
Issue Overview: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. CVE-2021-23222 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged...
CVE-2023-31617
An issue in the dksetdelete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-31628
An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-31629
An issue in the sqlounionscope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2023-30839 PrestaShop vulnerable to SQL filter bypass leading to arbitrary write requests using "SQL Manager"
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO (back-office) user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are ...
SQL injection
Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php...
CVE-2022-48114
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable...
CVE-2022-23510 SQL injection in cube-js
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
SQL injection
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php...
CVE-2022-44378
Automotive Shop Management System v1.0 is vulnerable to SQL injection via /asms/classes/Master.php?f=delete_mechanic...
CVE-2022-44378
The CVE-2022-44378 entry pertains to Automotive Shop Management System v1.0 and describes an SQL injection vulnerability exploitable via /asms/classes/Master.php?f=delete_mechanic. Connected sources consistently identify a lack of input validation in the Master.php endpoint, enabling attackers to...
PT-2022-27201 · Unknown · Automotive Shop Management System
Name of the Vulnerable Software and Affected Versions: Automotive Shop Management System version 1.0 Description: The issue concerns a SQL injection vulnerability in the Automotive Shop Management System. The vulnerability can be exploited via the /asms/classes/Master.php?f=delete_mechanic API endpoint...
CVE-2021-38732
SEMCMS SHOP v1.1 is vulnerable to SQL injection via AntMessage.php...
Design/Logic Flaw
SEMCMS SHOP v1.1 is vulnerable to SQL injection via AntMessage.php...