20 matches found
CVE-2018-25358
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like adminuser,...
CVE-2018-25358
The CVE-2018-25358 entry concerns the D-Link DIR-601 (firmware 2.02NA) where an unauthenticated attacker can disclose credentials via /my_cgi.cgi by manipulating the table_name parameter in POST requests. Affected data includes administrative credentials and wireless keys, exposed in cleartext. T...
DataEase security vulnerability
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in their businesses. DataEase versions 2.10.20 and earlier contain security...
CVE-2026-33980
Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL (Kusto Query Language) injection vulnerabilitie...
CVE-2026-33980 Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries
Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL (Kusto Query Language) injection vulnerabilitie...
Azure Data Explorer MCP Server security vulnerability
The Azure Data Explorer MCP Server is a connection protocol server developed by Pavel Shklovsky, designed to connect AI assistants with data warehouses. Versions of the Azure Data Explorer MCP Server prior to 0.1.1 contain security vulnerabilities. These vulnerabilities stem from the tablename...
PT-2026-28582
Name of the Vulnerable Software and Affected Versions: Azure Data Explorer MCP Server versions prior to commit 0abe0ee55279e111281076393e5e966335fffd30; Azure Data Explorer MCP Server versions up to and including 0.1.1. Description: Azure Data Explorer MCP Server, a Model Context Protocol (MCP) server,...
WordPress WP Online Users Stats plugin <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter vulnerability
Authenticated (Editor+) SQL Injection via table_name Parameter vulnerability discovered by rajanhoyr in WordPress Plugin WP Online Users Stats versions <= 1.0.0...
DataEase SQL injection vulnerability
DataEase is a Java-based open-source data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase /de2api/datasetData/tableField processing tableName parameter...
CVE-2025-4964
The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-2685
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
WordPress plugin TablePress cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
wangmarket SQL injection vulnerability
wangmarket is a privately deployable SaaS cloud website builder system from xnx3, an individual developer in China. A security vulnerability exists in wangmarket CMS version 4.10, which originates from an SQL injection vulnerability. A remote attacker can exploit this vulnerability to ru...
GO-2023-1295 SQL injection in github.com/square/squalor
There is a potential for SQL injection in the table name parameter...
PT-2023-11815
Name of the Vulnerable Software and Affected Versions: square squalor versions prior to v0.0.0. Description: A critical issue was found in square squalor, affecting an unknown part, leading to SQL injection. The manipulation with the table name parameter is potentially vulnerable to SQL injection...
IBAX go-ibax SQL injection vulnerability
IBAX go-ibax is a blockchain system platform from IBAX Corporation. IBAX go-ibax suffers from a SQL injection vulnerability that originates from some unknown functionality in file /api/v2/open/rowsInfo, where manipulation of the parameter tablename results in SQL injection...
CVE-2020-25253
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter...
Multiple Cross-Site Scripting Vulnerabilities in MySql Lite Administrator beta-1
MySql Lite Administrator is a graphical tool for managing MySQL database files. A cross-site scripting vulnerability exists in MySql Lite Administrator beta-1. Due to the tabella.php, coloni.php, and insert.php scripts failing to adequately filter the 'tablename' parameter; the coloni.php script...
CVE-2015-5064
Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the tablename parameter to (1) tabella.php, (2) coloni.php, or (3) insert.php or (4) numrow parameter to coloni.php...