Security Headlines

Tag: #sql

CVE-2023-4673

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. This issue affects Turasistan: before 20230911.

CVE-2023-40982: Webmin

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

CVE-2023-39639

LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs.

CVE-2023-40957: OdZoo/exploits/pdm/3 at main · luvsn/OdZoo

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0, fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0, allows a remote authenticated attacker to execute arbitrary code via the request parameter in the models/base_client.py component.

CVE-2023-40958: OdZoo/exploits/pdm/1 at main · luvsn/OdZoo

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0, fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0, allows a remote authenticated attacker to execute arbitrary code via the query parameter in the models/base_client.py component.

CVE-2023-40955: OdZoo/exploits/pdm/2 at main · luvsn/OdZoo

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0, fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0, allows a remote authenticated attacker to execute arbitrary code via the select parameter in the models/base_client.py component.

CVE-2023-40956: OdZoo/exploits/website_job_search at main · luvsn/OdZoo

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in the controllers/main.py component.

CVE-2023-39641: [CVE-2023-39641] Improper neutralization of SQL parameter in Active Design - Full Affiliates module for PrestaShop

Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent().

CVE-2023-42405: [BUG] SQL injection vulnerability in list() method across multiple controllers · Issue #79 · fit2cloud/rackshift

SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().

CVE-2023-38891: modules/Reports/ReportRun.php · master · vtiger / vtigercrm · GitLab

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.