GHSA-PM8C-3QQ3-72W7 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
Summary CurrentUser::setTokenData in phpmyfaq/src/phpMyFAQ/User/CurrentUser.php at lines 515-534 builds a SQL UPDATE statement with sprintf and interpolates the OAuth token fields refresh_token, access_token, code_verifier, and json_encode($token['jwt']) without calling $db->escape. Sibling methods...
CVE-2023-50395
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited...
EUVD-2021-33338
Malicious code in bioql PyPI...
BIT-MARIADB-MIN-2021-46662
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
BIT-MYSQL-CLIENT-2021-46662
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
BIT-MARIADB-2021-46662
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
CVE-2023-50395 SQL Injection Remote Code Execution Vulnerability
SQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited...
CVE-2023-50395
CVE-2023-50395 concerns the SolarWinds Platform (Orion Platform) with a SQL Injection leading to Remote Code Execution via an update statement. Exploitation requires user authentication; impact is described as high (C/H/I/A) with CVSS v3.1 base score 8.0. Public references indicate multiple sourc...
PT-2024-1656 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: A SQL Injection Remote Code Execution issue was discovered in the SolarWinds Platform, specifically using an update statement. This issue requires user authentication to b...
SQL Injection
Description GLPI 10.0.8 and are affected by an SQL injection on the page ajax/dashboard.php Proof of Concept I can provide you the POC written in python3.5 or higher. Just provide me a way to send it to you. Tested under the following environment: - Ubuntu 20.04 - GLPI 10.0.8 and 10.0.7 - Mysql...
EulerOS Virtualization 3.0.2.0 : mariadb (EulerOS-SA-2023-1704)
According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. CVE-2021-46657 -...
SUSE CVE-2006-5540
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."...
EulerOS Virtualization 3.0.2.6 : mariadb (EulerOS-SA-2023-1071)
According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expressio...
CVE-2022-2693 SourceCodester Electronic Medical Records System UPDATE Statement register.php sql injection
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The...
Electronic Medical Records System SQL Injection Vulnerability
Electronic Medical Records System is an electronic medical records system. SourceCodester Electronic Medical Records System suffers from a SQL injection vulnerability that stems from an unknown portion of the UPDATE Statement parameter handling code in its Register.php component where manipulatio...
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2022-1746)
According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)...
EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2022-1543)
According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)...
SQL Injection
dolibarr/dolibarr is vulnerable to SQL Injection attacks. The vulnerability exists due to lack of sanitization in the UPDATE statement, which allows a malicious attacker to execute arbitrary SQL queries via the country_id parameter...
SQL Injection in Dolibarr
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement...