49 matches found

ATTACKERKB
added 2026/05/21 5:10 p.m. | 3 views

CVE-2026-48231

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters tablename, indexname, sortby are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated...

7.1 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/21 12:0 a.m. | 5 views

PT-2026-42509

Name of the Vulnerable Software and Affected Versions: Open ISES Tickets versions prior to 3.44.2. Description: An issue exists in the 'tables.php' endpoint where multiple POST parameters, specifically tablename, indexname, and sortby, are concatenated into table or column identifiers within...

7.1 CVSS | 5.9 AI score | 0.00027 EPSS
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/16 7:37 p.m. | 1 views

CVE-2026-33207 DataEase SQL Injection Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6 CVSS | 6 AI score | 0.00039 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/16 12:0 a.m. | 1 views

PT-2026-33359

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6 CVSS | 6.1 AI score | 0.00039 EPSS
Exploits: 1 | References: 4
OSV
added 2025/10/17 5:11 p.m. | 2 views

CVE-2025-62422 DataEase SQL injection vulnerability

DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier, the /de2api/datasetData/tableField interface is vulnerable to SQL injection. An attacker can construct a malicious tableName parameter to execute arbitrary SQL commands. This issue is fixed in...

8.7 CVSS | 8 AI score | 0.00049 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-5863

Malware in sbrugna...

2.6 CVSS | 6.4 AI score | 0.0364 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/23 8:54 a.m. | 2 views

CVE-2024-29432

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...

9.8 CVSS | 8.3 AI score | 0.0016 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:50 p.m. | 3 views

CVE-2021-43084

An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter...

9.8 CVSS | 8.2 AI score | 0.00245 EPSS
Exploits: 1
Snyk
added 2025/04/19 7:45 p.m. | 1 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection in the processinsertquery function in the PostgresDB class. An attacker who can control the tablename used in a query, which is passed to the seqname argument without escaping, can cause SQL to be executed. Remediation: The...

6.5 CVSS | 7.9 AI score | 0.00072 EPSS
Exploits: 0 | References: 2
Veracode
added 2024/07/18 6:43 a.m. | 18 views

SQL Injection

com.jfinal, jfinal is vulnerable to SQL injection. The vulnerability is due to improper input validation in the DivDataControllerdata method, allowing attackers to execute arbitrary SQL commands by manipulating the tableName field of a custom div object. Attackers can exploit this flaw by creatin...

8.8 CVSS | 8.3 AI score | 0.00057 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2024/04/02 9:15 p.m. | 9 views

CVE-2024-29432

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...

9.8 CVSS | 7.8 AI score | 0.0016 EPSS
Exploits: 0 | References: 2
OSV
added 2024/04/02 9:15 p.m. | 0 views

CVE-2024-29432

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2
CNNVD
added 2024/04/02 12:0 a.m. | 1 views

ALLDATA SQL Injection Vulnerability

ALLDATA is an online resource for automotive original equipment manufacturer information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A SQL injection vulnerability exists in ALLDATA version V0.4.6, which stems from the tablename parameter in...

9.8 CVSS | 7.8 AI score | 0.0016 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/04/02 12:0 a.m. | 10 views

CVE-2024-29432

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...

8.3 AI score | 0.0016 EPSS
Exploits: 0 | References: 2
CVE
added 2024/04/02 12:0 a.m. | 55 views

CVE-2024-29432

Summary: CVE-2024-29432 affects Alldata v0.4.6 and is a SQL injection flaw exploitable via the tablename parameter in /data/masterdata/datas. The vulnerability details are supported by multiple connected sources, all citing the same description. Affected component: Alldata v0.4.6 (data/masterdata...

9.8 CVSS | 8.2 AI score | 0.0016 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/04/02 12:0 a.m. | 9 views

CVE-2024-29432

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...

8.1 AI score | 0.0016 EPSS
Exploits: 0 | References: 2
OSV
added 2023/12/25 1:15 a.m. | 0 views

CVE-2023-7096

A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

9.8 CVSS | 5.7 AI score
Exploits: 0 | References: 7
NVD
added 2023/04/28 8:15 p.m. | 10 views

CVE-2023-26813

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do...

9.8 CVSS | 9.8 AI score | 0.00423 EPSS
Exploits: 1 | References: 1
OSV
added 2023/04/28 8:15 p.m. | 11 views

CVE-2023-26813

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do...

9.8 CVSS | 8.5 AI score
Exploits: 0 | References: 1
Prion
added 2023/04/28 8:15 p.m. | 7 views

Sql injection

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do...

7.5 CVSS | 9.7 AI score | 0.00423 EPSS
Exploits: 1 | References: 1 | Affected Software: 1