Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

CVE-2023-46581: Code-Projects-Inventory-Management-1.0/CVE-2023-46581-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Inventory-Management-1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.

CVE
Open in Source
#sql#vulnerability#git#php
CVE-2023-46025: phpgurukul-Teacher-Subject-Allocation-Management-System-1.0/CVE-2023-46025-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/phpgurukul-

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.

CVE-2023-46582: Code-Projects-Inventory-Management-1.0/CVE-2023-46582-Code-Projects-Inventory-Management-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Inventory-Management-1.0

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id paramter in the deleteProduct.php component.

CVE-2023-46024: PHPGurukul-Teacher-Subject-Allocation-Management-System-1.0/CVE-2023-46024-phpgurukul-Teacher-Subject-Allocation-Management-System-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/PHPGurukul-

SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.

CVE-2023-46023: Code-Projects-Simple-Task-List-1.0/CVE-2023-46023-Code-Projects-Simple-Task-List-1.0-SQL-Injection-Vulnerability.md at main · ersinerenler/Code-Projects-Simple-Task-List-1.0

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.

CVE-2023-36402

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-34991: Fortiguard

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request.

CVE-2023-45684: CVE-2023-45684 - Mission Portal SQL injection vulnerability

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv_latest' and containing Python malware compiled as an ELF executable

CVE-2023-46601

A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.