17 matches found
GHSA-F626-677R-J5VQ Withdrawn Advisory: Nette Database SQL injection
Withdrawn Advisory: This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...
PT-2024-36561 · Nette · Nette Database
Name of the Vulnerable Software and Affected Versions: Nette Database versions 3.2.4 and earlier. Description: The issue allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. This occurs when there's an untrusted filter sent straight ...
CVE-2024-55586
CVE-2024-55586 (Nette Database): Affected software is Nette Database up to version 3.2.4. The vulnerability is a SQL injection vulnerability where an untrusted filter is passed directly to the where method, enabling manipulation of query logic. The vendor states this is intended behavior. Public...
CVE-2023-32571
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed...
Dynamic Linq Security Vulnerability
Dynamic Linq is a free open source LINQ dynamic query library. A security vulnerability exists in Dynamic Linq versions 1.0.7.10 through 1.2.25 that could allow an attacker to execute arbitrary code and commands when untrusted input to methods such as Where, Select, and OrderBy is parsed...
SUSE CVE-2017-17917
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...
CodeIgniter SQL Injection Vulnerability
CodeIgniter is an open source web framework written in PHP. A SQL injection vulnerability exists in CodeIgniter version 3.1.13 and earlier versions, which stems from a SQL injection problem in the where method in system\database\DB_query_builder.php...
GHSA-M7H5-FJJQ-559F SQL Injection in topthink/thinkphp
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...
CVE-2020-20120
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...
SQL injection
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...
Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01349)
Ruby on Rails is a web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'where' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'id' parameter...
DEBIAN-CVE-2017-17917
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...
UBUNTU-CVE-2017-17917
DISPUTED SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...
PT-2017-15098 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 5.1.4 and earlier. Description: A SQL injection issue in the 'where' method allows remote attackers to execute arbitrary SQL commands via the id parameter. The vendor disputes this issue, citing that the method is not...
CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method...