
Tag

#sql

CVE-2023-48813: CVE-ID-not-yet/slims/slims9_bulian-9.6.1-SQLI-fines_report.md at main · komangsughosa/CVE-ID-not-yet

Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.

GHSA-fg29-37px-c7wm: RuoYi vulnerable to SQL injection vulnerability

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.

CVE-2023-49371: RuoYi-v4.6-vulnerability/Ruoyiv4.6.md at main · Maverickfir/RuoYi-v4.6-vulnerability

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.

Red Hat Security Advisory 2023-7616-01

Red Hat Security Advisory 2023-7616-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

CVE-2023-48016: cves/CVE-2023-48016-restaurant-table-booking-system-SQLInjection.md at main · Serhatcck/cves

Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter.

CVE-2023-46956: bug_reports/packers-and-movers-management-system/SQL-1.md at main · geilihan/bug_reports

SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file.

CVE-2021-35975: GitHub - fbkcs/CVE-2021-35975: Path Traversal Vulnerability in Systematica SMTP Adapter and other sub-products

Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)

CVE-2023-6360: SQL Injection in My Calendar WordPress Plugin

The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.

CVE-2023-6402

A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file add-phlebotomist.php. The manipulation of the argument empid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246423.

CVE-2023-6410: Multiple vulnerabilities in Voovi Social Networking Script

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the application.