70 matches found
SUSE CVE-2006-3388
Cross-site scripting XSS vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter...
CVE-2022-35148
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html...
CVE-2022-35148
maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html...
CVE-2022-35148
The CVE-2022-35148 entry concerns maccms10 versions from v2021.1000.1081 to v2022.1000.3031, where a SQL injection exists via the table parameter on the database/columns.html endpoint. Root cause: unsafe handling of the table parameter leads to injection. Impact is described as SQL injection; no ...
PT-2022-22600 · Maccms10 · Maccms10
Name of the Vulnerable Software and Affected Versions: maccms10 versions v2021.1000.1081 through v2022.1000.3031 Description: A SQL injection issue was found via the table parameter at the "database/columns.html" endpoint. Recommendations: For versions v2021.1000.1081 through v2022.1000.3031, avo...
CVE-2020-21667
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection...
CVE-2008-5621
Cross-site request forgery CSRF vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tblstructure.php with a modified table parameter. NOTE: other unspecified pages are also...
CVE-2019-16696
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
CVE-2019-16692
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used...
CVE-2019-16693
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used...
CVE-2019-16694
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used...
CVE-2019-16696
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used...
Sql injection
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson formerly ESBUS allow remote attackers to execute arbitrary SQL commands via the 1 TABLE parameter to esbus/servlet/GetSQLData or 2 QUERY parameter to KKLS9ReportingPortal/GetData...
CVE-2017-6550
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson formerly ESBUS allow remote attackers to execute arbitrary SQL commands via the 1 TABLE parameter to esbus/servlet/GetSQLData or 2 QUERY parameter to KKLS9ReportingPortal/GetData...
phpLiteAdmin Cross-Site Scripting Vulnerability
phpLiteAdmin is a software developer Dane Iracleous developed a set of PHP implementation and Web-based open-source SQLite database management tool . A cross-site scripting vulnerability exists in phpLiteAdmin version 1.1, which stems from a failure of the phpliteadmin.php script to adequately...
CVE-2015-6518
Multiple cross-site scripting XSS vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, 2 droptable parameter, or 3 table parameter to phpliteadmin.php...
CVE-2012-5244
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 return, 2 display, 3 table, or 4 search parameter to functions/suggest.php; 5 the id parameter to functions/widgets.php, 6 the category parameter to...
CVE-2014-4735
Cross-site scripting XSS vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php...
UBUNTU-CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...